Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-py7t-waeg-cfh8
Vulnerability ID VCID-py7t-waeg-cfh8
Aliases CVE-2024-32461
GHSA-cwx6-cx7x-4q34
Summary LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
cvssv3.1 7.1 https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
cvssv3.1 8.8 https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
generic_textual HIGH https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
ssvc Track https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1 8.8 https://github.com/librenms/librenms
generic_textual HIGH https://github.com/librenms/librenms
cvssv3.1 7.1 https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
cvssv3.1 8.8 https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
generic_textual HIGH https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
ssvc Track https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
cvssv3.1 7.1 https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1 8.8 https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1_qr HIGH https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
generic_textual HIGH https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
ssvc Track https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-32461
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-32461
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-32461
16811991bb5fff6 https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
CVE-2024-32461 https://nvd.nist.gov/vuln/detail/CVE-2024-32461
d29201fce134347f891102699fbde7070debee33 https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
GHSA-cwx6-cx7x-4q34 https://github.com/advisories/GHSA-cwx6-cx7x-4q34
GHSA-cwx6-cx7x-4q34 https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/ Found at https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/ Found at https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/ Found at https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32461
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.35532
EPSS Score 0.00151
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:41:57.599256+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/32xxx/CVE-2024-32461.json 38.6.0