CVE-2024-32480: LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it’s a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0
References
Detect and mitigate CVE-2024-32480 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →