| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 1.65.1 | 1.65.1 |
The vulnerability stems from the insecure construction of an SQL query in customoid.inc.php: the original code interpolated the user-supplied 'device_id' POST parameter directly into the SQL string without sanitization or parameterization, and the resulting raw query was passed to dbFetchRow(), which executed it as-is. The fix replaced the interpolation with a '?' placeholder and proper parameter binding, confirming that the root cause was improper input handling at the dbFetchRow() call site. The function itself is not inherently vulnerable; it was misused in this scenario.
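The following is an added illustration, not LibreNMS code: the interpolating query shape described above next to the bound-parameter shape the fix adopted. It assumes a constructed in-memory SQLite table in place of the real devices table, and the dbFetchRow() here is a hypothetical stand-in that only mimics the ($sql, $params) calling style of the LibreNMS helper; the ctype_digit() guard is an extra hardening step beyond the '?' binding the advisory describes.

```php
<?php
// Constructed fixture: in-memory SQLite standing in for the devices table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE devices (device_id INTEGER PRIMARY KEY, hostname TEXT)');
$pdo->exec("INSERT INTO devices VALUES (1, 'core-sw1'), (2, 'edge-rtr1')");

// Hypothetical stand-in for LibreNMS's dbFetchRow(): prepares $sql, binds
// $params, and returns a single row as an associative array (or null).
function dbFetchRow(string $sql, array $params = []): ?array
{
    global $pdo;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// BEFORE (shape of the flaw): the raw request value becomes part of the SQL
// text itself, so the database parses it as query syntax rather than as data.
function lookupDeviceVulnerable(string $device_id): ?array
{
    $sql = "SELECT * FROM devices WHERE device_id = $device_id";
    return dbFetchRow($sql);
}

// AFTER (shape of the fix): a '?' placeholder with the value bound separately,
// plus an explicit integer check so a malformed id never reaches the database.
function lookupDeviceFixed(string $device_id): ?array
{
    if (!ctype_digit($device_id)) {
        return null;   // device_id must be a plain non-negative integer
    }
    return dbFetchRow('SELECT * FROM devices WHERE device_id = ?', [(int) $device_id]);
}

// Simulated request values (constructed): a normal id and a malformed one.
$_POST['device_id'] = '2';
var_dump(lookupDeviceVulnerable($_POST['device_id'])['hostname']); // both paths agree on
var_dump(lookupDeviceFixed($_POST['device_id'])['hostname']);      // well-formed input

$_POST['device_id'] = '2x';
var_dump(lookupDeviceFixed($_POST['device_id']));  // NULL: refused before any SQL runs
```

On well-formed input both functions behave identically, which is why this class of defect survives functional testing; the difference only shows once the request value stops being a bare integer.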