CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

GHSA-H3RV-Q4RQ-PQCV LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.

Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...

EUVD-2022-2372

Malicious code in bioql PyPI...

LibreNMS SQL Injection

LibreNMS through 1.47 allows SQL injection via the html/ajaxtable.php sorthostname parameter, exploitable by authenticated users during a search...

GHSA-4FWH-R866-PVH9 LibreNMS SQL Injection

LibreNMS through 1.47 allows SQL injection via the html/ajaxtable.php sorthostname parameter, exploitable by authenticated users during a search...

SQL Injection

librenms/librenms is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements via the searchPhrase parameter in ajaxtable.php...

Sql injection

LibreNMS through 1.47 allows SQL injection via the html/ajaxtable.php sorthostname parameter, exploitable by authenticated users during a search...

CVE-2018-20678

LibreNMS through 1.47 allows SQL injection via the html/ajaxtable.php sorthostname parameter, exploitable by authenticated users during a search...

CVE-2018-20678

CVE-2018-20678 affects LibreNMS (up to 1.47) and describes a SQL injection vulnerability in the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. The root cause is insufficient validation/parameter handling of hostname sort input, enabling arbitrary...