Vulnerability Description
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | >= 1.50.1, < 1.53 |
Related Weaknesses (CWE)
References
- https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xlExploitThird Party Advisory
- https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xlExploitThird Party Advisory
FAQ
What is CVE-2019-12463?
CVE-2019-12463 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encod...
How severe is CVE-2019-12463?
CVE-2019-12463 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12463?
Check the references section above for vendor advisories and patch information. Affected products include: Librenms Librenms.