Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-r2tp-4cm4-b3b1
Vulnerability ID VCID-r2tp-4cm4-b3b1
Aliases CVE-2024-32480
GHSA-jh57-j3vq-h438
Summary LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00405 https://api.first.org/data/v1/epss?cve=CVE-2024-32480
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jh57-j3vq-h438
cvssv3.1 7.2 https://github.com/librenms/librenms
generic_textual HIGH https://github.com/librenms/librenms
cvssv3.1 7.2 https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
generic_textual HIGH https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
ssvc Track https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
cvssv3.1 7.2 https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
cvssv3.1_qr HIGH https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
generic_textual HIGH https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
ssvc Track https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
cvssv3.1 7.2 https://nvd.nist.gov/vuln/detail/CVE-2024-32480
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-32480
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-32480
83fe4b10c440d69a47fe2f8616e290ba2bd3a27c https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
CVE-2024-32480 https://nvd.nist.gov/vuln/detail/CVE-2024-32480
GHSA-jh57-j3vq-h438 https://github.com/advisories/GHSA-jh57-j3vq-h438
GHSA-jh57-j3vq-h438 https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:21:00Z/ Found at https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:21:00Z/ Found at https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32480
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.61442
EPSS Score 0.00405
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:41:54.090247+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/32xxx/CVE-2024-32480.json 38.6.0