| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 22.4.0 | 22.4.0 |
The vulnerability stems from how the check_cmd string is constructed in poll_service. Before the patch, the user-controlled parameters service_ip, hostname and service_param were concatenated directly into a shell command string without sanitization, so a value containing shell metacharacters (such as `;`, `|` or `$(...)`) was interpreted by the shell instead of being passed to the check plugin as a literal argument. The patch applies Clean::fileName() to these parameters before they are concatenated, which confirms they were the injection vectors. Unsanitized input flowing into a command execution context (here, check_cmd) is the CWE-74 improper-neutralization pattern; in this form it is OS command injection. When reviewing the fix, confirm that the chosen sanitizer rejects or strips every character the invoking shell treats specially, since a filename-oriented cleaner is not the same thing as shell argument quoting.
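To make the pattern concrete, here is an added illustration of the vulnerable concatenation beside a hardened form. This is example code, not LibreNMS's poll_service or Clean::fileName(); the function names, the plugin path and the argument layout are hypothetical stand-ins, and the hardened version uses PHP's built-in escapeshellarg() rather than the project's own sanitizer. The command strings are only built and printed, never executed.

```php
<?php
// Added illustration of the CWE-74 pattern described above. This is NOT
// LibreNMS code: build_check_cmd_unsafe(), build_check_cmd_safe() and
// looks_like_host() are hypothetical stand-ins for the way poll_service()
// assembles check_cmd from service_ip, hostname and service_param.

// Vulnerable shape: user-controlled fields are concatenated straight into a
// shell command line. Anything the shell treats specially (;, |, &&, $(), `)
// becomes part of the command rather than part of an argument.
function build_check_cmd_unsafe(string $check_script, string $service_ip, string $hostname, string $service_param): string
{
    return $check_script . ' -H ' . $service_ip . ' -h ' . $hostname . ' -p ' . $service_param;
}

// Hardened shape: every field is wrapped with escapeshellarg(), which
// single-quotes the value and escapes embedded single quotes so the shell
// passes it through as one literal argument. (The upstream fix uses
// Clean::fileName() instead; escapeshellarg() is used here for illustration.)
function build_check_cmd_safe(string $check_script, string $service_ip, string $hostname, string $service_param): string
{
    return $check_script
        . ' -H ' . escapeshellarg($service_ip)
        . ' -h ' . escapeshellarg($hostname)
        . ' -p ' . escapeshellarg($service_param);
}

// Defence in depth: an allow-list check for fields that should only ever be
// an IP address or a DNS hostname, applied before any command is built.
// Rejecting bad input is preferable to trying to quote it into safety.
function looks_like_host(string $value): bool
{
    if (filter_var($value, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    return (bool) preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$/', $value);
}

// Constructed sample input: a hostname carrying a shell command separator.
// The plugin path is a hypothetical example, not taken from the advisory.
$checkScript  = '/usr/lib/nagios/plugins/check_tcp';
$serviceIp    = '10.0.0.5';
$hostname     = 'db01.example.internal; id';
$serviceParam = '5432';

echo "unsafe: " . build_check_cmd_unsafe($checkScript, $serviceIp, $hostname, $serviceParam) . PHP_EOL;
echo "safe:   " . build_check_cmd_safe($checkScript, $serviceIp, $hostname, $serviceParam) . PHP_EOL;
echo "hostname passes allow-list: " . (looks_like_host($hostname) ? 'yes' : 'no') . PHP_EOL;
```

In the unsafe string the `;` ends the check command and whatever follows runs as a second command; in the quoted string the same bytes are delivered to the plugin as the literal value of `-h`. One caveat for a field like service_param: if it is meant to carry several plugin options rather than one value, wrapping the whole string in escapeshellarg() turns it into a single argument and will break the plugin's option parsing, so such fields should be split into an argument list (and passed via an argv-style API such as proc_open() with an array) or restricted by an allow-list instead.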