SQL Injection

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the hostname parameter in the ajaxoutput.php endpoint. An attacker can access sensitive information...

CVE-2025-65093

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

Summary A Boolean-Based Blind SQL Injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query...

PT-2025-47406

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 25.11.0 Description LibreNMS contains a boolean-based blind SQL injection issue in the /ajax output.php endpoint. The hostname parameter is directly interpolated into an SQL query without proper sanitization, allowin...

Linux kernel denial of service vulnerability (CNVD-2016-01043)

The Linux kernel is an open source, free operating system kernel originally done by Linus Torvalds. A security vulnerability exists in the 'clie5attach' function in the drivers/usb/serial/visor.c file in Linux kernel 4.4.1 and earlier. An attacker in close physical proximity could exploit this...