CVE-2018-20434: OS Command Injection
LibreNMS allows remote attackers to execute arbitrary OS commands by using the community parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
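
An added example (not LibreNMS code and not part of the original advisory): a Python audit that flags stored community strings containing shell metacharacters, finds access-log entries that ran the snmpwalk capture request against those hosts, and shows the command built as an argument vector instead of a shell string. The device rows, log lines, combined log format and snmpwalk option layout are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shell metacharacters; a legitimate SNMP community string rarely contains them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_community(value):
    """True if a stored community string contains shell metacharacters."""
    return bool(SHELL_META.search(value))

def capture_hostname(request_target):
    """Return the hostname argument if this is the snmpwalk capture request, else None."""
    parts = urlsplit(request_target)
    query = parse_qs(parts.query)
    if not parts.path.endswith("/ajax_output.php"):
        return None
    if query.get("id") != ["capture"] or query.get("type") != ["snmpwalk"]:
        return None
    return query.get("hostname", [""])[0]

def audit(devices, log_lines):
    """Return (hosts whose community looks injected, log lines that ran capture on them)."""
    flagged = {host for host, community in devices if suspicious_community(community)}
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match and capture_hostname(match.group(1)) in flagged:
            hits.append(line)
    return flagged, hits

def snmpwalk_argv(community, hostname):
    """Mitigation sketch: pass the community as one argv element, never through a shell."""
    return ["snmpwalk", "-v2c", "-c", community, hostname]

# Constructed sample data (not taken from a real system).
DEVICES = [("localhost", "public; echo constructed-marker"), ("sw1.example.net", "public")]
LOG = [
    '192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET /ajax_output.php?id=capture'
    '&format=text&type=snmpwalk&hostname=localhost HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2019:10:01:00 +0000] "GET /ajax_output.php?id=capture'
    '&format=text&type=snmpwalk&hostname=sw1.example.net HTTP/1.1" 200 900',
    '192.0.2.11 - - [01/Jan/2019:10:02:00 +0000] "GET /overview HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(audit(DEVICES, LOG))
```

A capture request against a flagged host is the two-step pattern the advisory describes, so those log lines are the ones to review first.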