What is CVE-2018-20434?

CVE-2018-20434 is a vulnerability in N/a. Published 2019-04-24.

Is CVE-2018-20434 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-20434

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type…

EPSS: 0.663 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

gist.github.com/mhaskar/516df57aafd8c6e3a1d70765075d372d (x_refsource_MISC)
drive.google.com/file/d/1LcGmOY8x-TG-wnNr-cM_f854kxk0etva/view (x_refsource_MISC)
shells.systems/librenms-v1-46-remote-code-execution-cve-2018-20434/ (x_refsource_MISC)
packetstormsecurity.com/files/153188/LibreNMS-addhost-Command-Injection.html (x_refsource_MISC)
packetstormsecurity.com/files/153448/LibreNMS-1.46-addhost-Remote-Code-Executio… (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-20434?: CVE-2018-20434 is a vulnerability in N/a. Published 2019-04-24.
Is CVE-2018-20434 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.