Full title: LibreNMS Collectd Command Injection Exploit
Category: remote exploits
Platform: linux

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters, which define the time range for a graph, are sanitized using the mysqli_real_escape_string() function, which permits backticks. These parameters are then used as part of a shell command that is executed via the passthru() function, which can result in code execution.

# 0day.today @ http://0day.today/
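The root cause described above is SQL escaping applied to values that end up in a shell command. The following PHP is an added example, not LibreNMS or Metasploit code: the function names, the rrdtool argument layout and the sample path are assumptions. It shows the range values being checked against an allowlist and every argument being shell-quoted before the command is built.

```php
<?php
// Added illustration; not taken from the LibreNMS source.
//
// Shape of the flaw (commented out, simplified): SQL escaping is not shell escaping.
//   $from = mysqli_real_escape_string($link, $_GET['from']); // backticks pass through
//   passthru("rrdtool graph - --start $from ...");           // the shell interprets them

/**
 * Accept only "now", a Unix timestamp, or a simple relative offset such as "-1d".
 * Backticks, $(), ;, |, quotes and whitespace never match, so they are rejected.
 */
function validate_graph_time(string $value): string
{
    if (preg_match('/\A(?:now|\d{1,10}|-\d{1,4}[smhdwy])\z/', $value) !== 1) {
        throw new InvalidArgumentException('invalid time range value');
    }
    return $value;
}

/**
 * Build the command with each dynamic value validated, then every argument
 * single-quoted by escapeshellarg() so the shell treats it as literal data.
 */
function build_graph_command(string $rrdFile, string $from, string $to): string
{
    $args = [
        'rrdtool', 'graph', '-',
        '--start', validate_graph_time($from),
        '--end', validate_graph_time($to),
        'DEF:v=' . $rrdFile . ':value:AVERAGE', // assumed data source layout
        'LINE1:v#0000ff',
    ];
    return implode(' ', array_map('escapeshellarg', $args));
}

// Constructed inputs: two legitimate ranges and one value containing backticks.
$samples = [['-1d', 'now'], ['1700000000', '1700086400'], ['-1d`x`', 'now']];
foreach ($samples as [$from, $to]) {
    try {
        echo build_graph_command('/constructed/path/example.rrd', $from, $to), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($from), PHP_EOL;
    }
}
```

Validation and quoting are deliberately both present: quoting keeps the shell from interpreting the value, while the allowlist keeps unexpected strings from reaching rrdtool's own argument parser.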