exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
LibreNMS Collectd Command Injection https://packetstormsecurity.com/files/154391/librenms_collectd_cmd_inject.rb.txt https://packetstormsecurity.com/files/154391/librenms_collectd_cmd_inject.rb.txt https://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html Fri, 06 Sep 2019 22:28:00 GMT This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close