An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.
References
Link | Resource |
---|---|
https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020/ | Exploit Third Party Advisory |
https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020/ - Exploit, Third Party Advisory |
Information
Published : 2019-09-09 13:15
Updated : 2024-11-21 04:19
NVD link : CVE-2019-10666
Mitre link : CVE-2019-10666
CVE.ORG link : CVE-2019-10666
JSON object : View
Products Affected
librenms
- librenms
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere