
CVE-2020-15873: LibreNMS SQL Injection vulnerability

CVSS Score
6.5 (CVSS v3.1)

Basic Information

EPSS Score
0.87994%
Published
5/24/2022
Updated
4/24/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name: librenms/librenms
Ecosystem: composer
Vulnerable Versions: < 1.65.1
First Patched Version: 1.65.1

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the insecure construction of an SQL query in customoid.inc.php, the handler reached through ajax_form.php. The original code interpolated the user-supplied device_id POST parameter directly into the SQL string, with no validation, casting, or parameterization, and passed the resulting string to dbFetchRow(), which executed it as written. The fix replaced the interpolation with a '?' placeholder and passed device_id as a bound parameter, which confirms the root cause: untrusted request data reaching the query text, not a flaw in dbFetchRow() itself. The helper is not inherently vulnerable, but it executes whatever SQL it is handed, so callers must never assemble that SQL from raw request input. Because ajax_form.php requires an authenticated session, the attacker needs valid credentials (PR:L in the vector), and the vector rates the impact as data disclosure (C:H) with no integrity or availability impact.
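To make the root cause concrete, the following is an added example written for this page; it is not LibreNMS code. It models the pre-fix and post-fix query patterns described above using Python's sqlite3 in place of LibreNMS's MySQL-backed dbFetchRow(). The devices and users tables, their rows, the fetch_* function names and the UNION payload are all constructed assumptions for the example, not the real LibreNMS schema or the exact payload from the advisory.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a LibreNMS database (schema and rows are
    assumptions for this example, not the real LibreNMS schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (device_id INTEGER PRIMARY KEY, hostname TEXT, community TEXT)"
    )
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [(1, "core-rtr-1", "public"), (2, "edge-fw-1", "s3cret-community")],
    )
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users VALUES (1, 'admin', '$2y$10$constructed-hash')")
    return conn


def fetch_device_vulnerable(conn, device_id):
    """Pre-fix pattern: the POST parameter is concatenated straight into the SQL
    string, so whatever the client sends becomes part of the statement."""
    sql = f"SELECT device_id, hostname, community FROM devices WHERE device_id = {device_id}"
    return conn.execute(sql).fetchall()


def fetch_device_fixed(conn, device_id):
    """Post-fix pattern: a '?' placeholder with the value bound separately, as the
    LibreNMS patch did for the dbFetchRow() call. The driver sends the value as
    data, never as SQL text, so the payload is compared literally and matches nothing."""
    sql = "SELECT device_id, hostname, community FROM devices WHERE device_id = ?"
    return conn.execute(sql, (device_id,)).fetchall()


# Constructed attacker-controlled POST value. Its column count (3) matches the
# outer SELECT, so the UNION is accepted and rows from another table come back.
UNION_PAYLOAD = "1 UNION SELECT user_id, username, password FROM users"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", fetch_device_vulnerable(db, UNION_PAYLOAD))
    print("fixed:     ", fetch_device_fixed(db, UNION_PAYLOAD))
    print("fixed, legitimate id:", fetch_device_fixed(db, "2"))
```

Run as a script, the vulnerable call returns the real device row plus the admin credential row pulled from the users table, which is the confidentiality impact the CVSS vector records; the fixed call returns nothing for the payload and still returns the correct row for a legitimate device_id, so the fix costs no functionality.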

WAF Protection Rules

WAF Rule

In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
