The vulnerability stems from improper handling of MySQL options during database connection setup. The patch in commit 7887b2e explicitly adds `mysqli_options($database_link, MYSQLI_OPT_LOCAL_INFILE, false)` to `dbConnect()`, which mitigates the path traversal risk. This indicates the original function lacked this security measure, enabling arbitrary file read via malicious database server responses or connection parameters during the installation process (exploited via `install.php`'s unpatched session handling). While the `install.php` modifications hardened the installation flow, the core vulnerability resided in the database connection logic in `dbFacile.php`.
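
A connection routine that applies the same option as the patch, shown as an added example and not LibreNMS's own code; `safeDbConnect()` and its parameters are hypothetical names. It sets the option between `mysqli_init()` and `mysqli_real_connect()`, the order the PHP manual documents for `mysqli_options()`.

```php
<?php
// Added illustration, not code from LibreNMS.
// safeDbConnect() and its parameter names are hypothetical.

/**
 * Open a MySQL connection with LOAD DATA LOCAL INFILE disabled on the
 * client side, so the server it connects to cannot request local files.
 *
 * @throws RuntimeException when the option cannot be set or the connect fails
 */
function safeDbConnect(
    string $host,
    string $user,
    string $pass,
    string $name,
    int $port = 3306
): mysqli {
    $link = mysqli_init();
    if ($link === false) {
        throw new RuntimeException('mysqli_init() failed');
    }

    // Set the option before connecting, so it is already in force when
    // the first server packet is processed.
    if (!mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, false)) {
        throw new RuntimeException('could not disable LOCAL INFILE');
    }

    try {
        // Depending on the mysqli report mode this either returns false
        // or throws mysqli_sql_exception; both cases are handled.
        $ok = mysqli_real_connect($link, $host, $user, $pass, $name, $port);
    } catch (mysqli_sql_exception $e) {
        throw new RuntimeException('connect failed: ' . $e->getMessage(), 0, $e);
    }
    if (!$ok) {
        throw new RuntimeException('connect failed: ' . mysqli_connect_error());
    }

    return $link;
}
```

Setting `mysqli.allow_local_infile = Off` in `php.ini` applies the same restriction to every mysqli connection in the PHP process, independent of application code.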
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 2017-08-18 | 2017-08-18 |