CVE-2020-35700

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
Configurations

Configuration 1 (hide)

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

Information

Published : 2021-02-08 09:15

Updated : 2021-02-09 18:42


NVD link : CVE-2020-35700

Mitre link : CVE-2020-35700


JSON object : View

Products Affected

librenms

  • librenms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')