Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
6.5
CVSSv3
CVE-2020-15873
In LibreNMS prior to 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
Librenms Librenms
1 Github repository
8.1
CVSSv3
CVE-2019-12465
An issue exists in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.
Librenms Librenms
8.8
CVSSv3
CVE-2020-15877
An issue exists in LibreNMS prior to 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
Librenms Librenms
6.1
CVSSv3
CVE-2022-3516
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
8.8
CVSSv3
CVE-2022-3525
Deserialization of Untrusted Data in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
6.1
CVSSv3
CVE-2022-3561
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
6.5
CVSSv3
CVE-2023-5591
SQL Injection in GitHub repository librenms/librenms before 23.10.0.
Librenms Librenms
8.8
CVSSv3
CVE-2019-10671
An issue exists in LibreNMS up to and including 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php...
Librenms Librenms
7.5
CVSSv3
CVE-2023-46745
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain acces...
Librenms Librenms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »