CVE-2020-36947

HIGH

LibreNMS 1.46 - Authenticated SQL Injection

Title source: llm

Description

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

Exploits (1)

exploitdb WORKING POC

by Hodorsec · pythonwebappsmultiple

https://www.exploit-db.com/exploits/49246

View Code ZIP pw:eip

References (5)

[Product] https://community.librenms.org/

[Product] https://github.com/librenms/librenms

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49246

[Product] https://www.librenms.org

[Third Party Advisory] https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection

Scores

CVSS v3 7.1

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Details

CWE

CWE-89

Status published

Products (2)

librenms/librenms 1.46

librenms/librenms 0Packagist

Published Jan 27, 2026

Tracked Since Feb 18, 2026