mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-28 11:21:40 +02:00
marc
775 B
775 B
CVE-2020-35700
Description
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.