Vulnerability Database

322,388

Total vulnerabilities in the database

CVE-2020-36947

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

Published: Jan 27, 2026
Updated: Feb 3, 2026
CVE: CVE-2020-36947
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
librenms / librenms	1.46	1.46.x

https://community.librenms.org/
https://github.com/librenms/librenms
https://www.exploit-db.com/exploits/49246
https://www.librenms.org
https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo