9 matches found

RedhatCVE
added 2025/11/19 11:14 p.m. | 7 views

CVE-2025-65093

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

CVSS 5.5 | AI score 7.9 | EPSS 0.03207
Exploits: 1 | References: 1

Snyk
added 2025/11/18 11:25 p.m. | 4 views

SQL Injection

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the hostname parameter in the ajaxoutput.php endpoint. An attacker can access sensitive information...

CVSS 7 | AI score 7.2 | EPSS 0.03207
Exploits: 1 | References: 2

NVD
added 2025/11/18 11:15 p.m. | 9 views

CVE-2025-65093

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

CVSS 5.5 | EPSS 0.03207
Exploits: 1 | References: 1

EUVD
added 2025/11/18 11:2 p.m. | 6 views

EUVD-2025-198051

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

CVSS 5.5 | AI score 7.4 | EPSS 0.03207
Exploits: 1 | References: 2

Github Security Blog
added 2025/11/18 6:48 p.m. | 7 views

LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

Summary A Boolean-Based Blind SQL Injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query...

CVSS 5.5 | AI score 7.9 | EPSS 0.03207
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/10/31 4:15 p.m. | 4 views

CVE-2022-2167

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 | AI score 5.8 | EPSS 0.00551
Exploits: 2 | References: 1

Vulnrichment
added 2022/10/31 12:0 a.m. | 12 views

CVE-2022-2627 Newspaper < 12 - Reflected Cross-Site Scripting

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

AI score 6.8 | EPSS 0.00969
Exploits: 2 | References: 1

OSV
added 2022/07/11 1:15 p.m. | 5 views

CVE-2022-1937

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1

0day.today
added 2019/06/30 12:0 a.m. | 170 views

LibreNMS 1.46 - addhost Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.0...

CVSS 10 | EPSS 0.71487
Exploits: 9