{"id":"CVE-2019-10669","details":"An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user-supplied parameters are filtered with the mysqli_real_escape_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().","modified":"2026-04-10T04:13:06.476964Z","published":"2019-09-09T13:15:11.543Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html"},{"type":"EVIDENCE","url":"https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/librenms/librenms","events":[{"introduced":"0"},{"last_affected":"03d6d76908b21612988af0ab112a787863ba183a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.47"}]}}],"versions":["0.1","1.19","1.20","1.21","1.25","1.26","1.27","1.28","1.31.01","1.31.02","1.31.03","1.32","1.33","1.35","1.36","1.37","1.38","1.39","1.40","1.41","1.42","1.42.01","1.43","1.44","1.45","1.46","1.47","201505","201506","201507","201508","201509","201510","201511","201512","201601","201602","201603","201604","201605","201606","201607","201608","20160828","201609"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10669.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}