Security Vulnerabilities - CVEs Published In September 2019
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.
CVSS Score
8.1
EPSS Score
0.0
Published
2019-09-09
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-09-09
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-09
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-09
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-09
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-09-09
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.
CVSS Score
8.1
EPSS Score
0.0
Published
2019-09-09
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-09-09
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible.
CVSS Score
9.1
EPSS Score
0.0
Published
2019-09-09
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
CVSS Score
7.2
EPSS Score
0.684
Published
2019-09-09