CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

CVE-2025-65093

LibreNMS contains a Boolean-Based Blind SQL Injection in the hostname parameter of the /ajax_output.php endpoint. The hostname is interpolated into an SQL query without proper sanitization or parameter binding, enabling an attacker to infer data from the database via conditional responses. Impact...

GHSA-6PMJ-XJXP-P8G9 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

Summary A Boolean-Based Blind SQL Injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query...

Knight CMS SQL injection vulnerability-vulnerability warning-the black bar safety net

Knight CMS personnel system, ajaxoutput. php page parameter filter is not strict thereSQL injectionvulnerabilities. Vulnerability file: ajaxoutput.php $categoryid=trim$GET'categoryid'; if $categoryid+00 && intval$categoryid==$categoryid //only if the judge did not perform EXP: the...