LibreNMS addhost Command Injection
Posted by deepcore on June 5, 2019 – 10:39 am
This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the popen function in capture.inc.php, which can result in execution of arbitrary code. This module requires authentication to LibreNMS first.
Post a reply
You must be logged in to post a comment.