2 matches found
CVE-2024-51092
CVE-2024-51092 affects LibreNMS prior to 24.10.0 and allows an authenticated attacker to achieve arbitrary code execution via OS command injection. The root causes are: (1) AboutController.php index() returning a value from shell_exec(); (2) SettingsController.php update() validating and persisti...
PT-2024-34659 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the overwrite ip parameter when editing a device. Th...