Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ywp5-cwm9-afb5
Vulnerability ID VCID-ywp5-cwm9-afb5
Aliases CVE-2024-32461
GHSA-cwx6-cx7x-4q34
Summary LibreNMS vulnerable to SQL injection time-based leads to database extraction SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-32461
cvssv3.1 7.1 https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
cvssv3.1 8.8 https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
generic_textual HIGH https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
ssvc Track https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1 8.8 https://github.com/librenms/librenms
generic_textual HIGH https://github.com/librenms/librenms
cvssv3.1 7.1 https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
cvssv3.1 8.8 https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
generic_textual HIGH https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
ssvc Track https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
cvssv3.1 7.1 https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1 8.8 https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1_qr HIGH https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
generic_textual HIGH https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
ssvc Track https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-32461
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-32461
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-32461
https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
https://github.com/librenms/librenms
https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
CVE-2024-32461 https://nvd.nist.gov/vuln/detail/CVE-2024-32461
GHSA-cwx6-cx7x-4q34 https://github.com/advisories/GHSA-cwx6-cx7x-4q34
GHSA-cwx6-cx7x-4q34 https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/ Found at https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/ Found at https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/ Found at https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32461
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.35533
EPSS Score 0.00151
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:47:39.475147+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/librenms/librenms/CVE-2024-32461.yml 38.6.0