Main Vulnerability Database Exploits ID:6015 - Exploit for OS Command Injection in LibreNMS - CVE-2018-20434

ID:6015 - Exploit for OS Command Injection in LibreNMS - CVE-2018-20434

Published: June 17, 2021

Vulnerability identifier: #VU35953

Vulnerability risk: High

CVE-ID: CVE-2018-20434

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
LibreNMS

Link to public exploit:

https://www.exploit-db.com/exploits/46970/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.

Remediation

Install update from vendor's website.

ID:6015 - Exploit for OS Command Injection in LibreNMS - CVE-2018-20434

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human