Security Advisory

CVE-2020-35700

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-08 08:08:15

Last updated 2024-08-04 17:09:15

Assigner mitre

State PUBLISHED

Description

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.

← Browse all CVEs View on cve.org ↗