CVE-2020-35700

SQL Injection in packagist/librenms/librenms

Identifier

CVE-2020-35700

Package Slug

packagist/librenms/librenms

Vulnerability

SQL Injection

Description

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.

Affected Versions

All versions before 21.1.0

Solution

Upgrade to version 21.1.0 or above.

Last Modified

2021-02-10

source