LibreNMS Collectd Command Injection
https://packetstormsecurity.com/files/154391/librenms_collectd_cmd_inject.rb.txt
https://packetstormsecurity.com/files/154391/librenms_collectd_cmd_inject.rb.txthttps://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.htmlFri, 06 Sep 2019 22:28:00 GMTThis Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.