CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. • https://cert.enea.pl/advisories/cert-190101.html https://github.com/librenms/librenms/commits/master/html/ajax_table.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. • https://github.com/librenms/librenms/issues/9170 https://github.com/librenms/librenms/pull/9171 https://github.com/librenms/librenms/releases/tag/1.44 https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. • https://blog.librenms.org/2017/08/22/librenms-security-fix-during-the-installation-process https://github.com/librenms/librenms/commit/7887b2e1c7158204ac69ca43beafce66e4d3a3b4 https://github.com/librenms/librenms/commit/d3094fa6578b29dc34fb5a7d0bd6deab49ecc911 https://github.com/librenms/librenms/pull/7184 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')