Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2018-20434
LibreNMS 1.46 allows remote malicious users to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hos...
Librenms Librenms 1.46
2 EDB exploits
2 Github repositories
7.5
CVSSv2
CVE-2022-29712
LibreNMS v22.3.0 exists to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
Librenms Librenms 22.3.0
7.5
CVSSv2
CVE-2021-44278
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
Librenms Librenms 21.11.0
7.5
CVSSv2
CVE-2019-10665
An issue exists in LibreNMS up to and including 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filte...
Librenms Librenms
6.8
CVSSv2
CVE-2019-10666
An issue exists in LibreNMS up to and including 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP ...
Librenms Librenms
6.5
CVSSv2
CVE-2022-0580
Incorrect Authorization in Packagist librenms/librenms before 22.2.0.
Librenms Librenms
6.5
CVSSv2
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
6.5
CVSSv2
CVE-2020-15877
An issue exists in LibreNMS prior to 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
Librenms Librenms
6.5
CVSSv2
CVE-2019-12463
An issue exists in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_e...
Librenms Librenms
6.5
CVSSv2
CVE-2019-10671
An issue exists in LibreNMS up to and including 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php...
Librenms Librenms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »