CVE-2020-36947

Sažetak

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

Reference

https://community.librenms.org/
https://github.com/librenms/librenms
https://www.exploit-db.com/exploits/49246
https://www.librenms.org
https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection
https://community.librenms.org/

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

02-02-2026 - 19:48

Objavljeno

27-01-2026 - 16:16