Vulnerabilities (CVE)

Filtered by vendor Librenms Subscribe
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31274 1 Librenms 1 Librenms 2021-09-15 3.5 LOW 5.4 MEDIUM
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
CVE-2019-10666 1 Librenms 1 Librenms 2021-07-21 6.8 MEDIUM 8.1 HIGH
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.
CVE-2020-15877 1 Librenms 1 Librenms 2021-07-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVE-2020-35700 1 Librenms 1 Librenms 2021-02-09 6.5 MEDIUM 8.8 HIGH
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
CVE-2019-10665 1 Librenms 1 Librenms 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.
CVE-2019-12463 1 Librenms 1 Librenms 2020-08-24 6.5 MEDIUM 8.8 HIGH
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.
CVE-2019-10668 1 Librenms 1 Librenms 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible.
CVE-2019-10669 1 Librenms 1 Librenms 2020-08-24 6.5 MEDIUM 7.2 HIGH
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
CVE-2020-15873 1 Librenms 1 Librenms 2020-07-23 4.0 MEDIUM 6.5 MEDIUM
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVE-2017-16759 1 Librenms 1 Librenms 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVE-2019-10670 1 Librenms 1 Librenms 2019-09-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php.
CVE-2019-10671 1 Librenms 1 Librenms 2019-09-10 6.5 MEDIUM 8.8 HIGH
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.
CVE-2019-12464 1 Librenms 1 Librenms 2019-09-10 6.0 MEDIUM 7.5 HIGH
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
CVE-2019-12465 1 Librenms 1 Librenms 2019-09-10 5.5 MEDIUM 8.1 HIGH
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.
CVE-2019-10667 1 Librenms 1 Librenms 2019-09-09 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths.
CVE-2019-15230 1 Librenms 1 Librenms 2019-08-30 3.5 LOW 5.4 MEDIUM
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
CVE-2018-20434 1 Librenms 1 Librenms 2019-06-04 10.0 HIGH 9.8 CRITICAL
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVE-2018-20678 1 Librenms 1 Librenms 2019-03-28 6.5 MEDIUM 8.8 HIGH
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
CVE-2018-18478 1 Librenms 1 Librenms 2018-12-04 4.3 MEDIUM 6.1 MEDIUM
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.