Description
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://github.com/librenms/librenms/blob/master/app/Http/Controllers/Widgets/TopDevicesController.php
Third Party Advisory x_refsource_misc
https://github.com/librenms/librenms/issues/12405
Exploit, Third Party Advisory x_refsource_misc
https://www.horizon3.ai/disclosures/librenms-second-order-sqli
Patch, Third Party Advisory x_refsource_confirm
https://github.com/librenms/librenms/pull/12422
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/librenms/librenms/releases/tag/21.1.0
Scores
CVSS v3
8.8
EPSS
0.0007
EPSS Percentile
20.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
librenms/librenms
< 21.1.0
librenms/librenms
0 - 21.1.0Packagist
Published
Feb 08, 2021
Tracked Since
Feb 18, 2026