2 matches found
Command Injection
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Command Injection via the shellexec function in AboutController.php. A malicious device whose hostname includes shell...
PT-2024-34661
Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 24.10.0 Description A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the unit parameter when creating a new OID. Th...