Home > Vulnerability Database > CVE-2020-36947

Mend.io Vulnerability Database

CVE-2020-36947

Good to know:

Date: January 27, 2026

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

Severity Score

7.1

Related Resources (8)

Url: https://www.librenms.org

Url: https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36947

Url: https://community.librenms.org/

Url: https://github.com/librenms/librenms

Url: https://www.exploit-db.com/exploits/49246

Url: https://community.librenms.org

Url: https://www.mend.io/vulnerability-database/CVE-2020-36947

Severity Score

7.1

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36947

Good to know:

Date: January 27, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?