Cross-site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists in addhost.inc.php in sysName, Hardware and Community fields which allows an attacker to send and execute arbitrary javascript...

Design/Logic Flaw

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...

CVE-2018-20434

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...

CVE-2018-20434

LibreNMS 1.46 is affected by CVE-2018-20434. The vulnerability allows remote command execution via the POST parameter $_POST['community'] used in html/pages/addhost.inc.php during device creation. A subsequent request to /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost tri...

CVE-2018-20434 - LibreNMS Addhost Command Injection

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...