Tony Murray

50 exploits. Active since Jul 2020
CVE-2020-15873 (MEDIUM)
LibreNMS < 1.65.1 - Authenticated SQL Injection via device_id POST Parameter
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS 6.5
CVE-2024-47526 (LOW)
LibreNMS < 24.9.0 - Self Cross-Site Scripting in Alert Template Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.
CVSS 3.5
CVE-2026-26987 (MEDIUM)
LibreNMS < 26.2.0 - Reflected Cross-Site Scripting via Email Field
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.
CVSS 6.1
CVE-2026-26988 (CRITICAL)
LibreNMS < 26.2.0 - SQL Injection via IPv6 Address Search in ajax_table.php
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.
CVSS 9.1
CVE-2026-26989 (MEDIUM)
LibreNMS < 26.2.0 - Authenticated Stored Cross-Site Scripting in Alert Rules Workflow
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0.
CVSS 4.3
CVE-2026-26990 (HIGH)
LibreNMS < 26.2.0 - Authenticated Time-Based Blind SQL Injection via Address Parameter
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without parameter binding, allowing an attacker to manipulate the query logic and infer database contents through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.
CVSS 8.8
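The two prefix-length injections above (CVE-2026-26988 in ajax_table.php and CVE-2026-26990 in address-search.inc.php) share one root cause: the search string is split on "/" and the prefix half is concatenated into the query. The following is an added example, not LibreNMS's own code, showing that pattern beside a hardened version. The function names, the ipv6_addresses table and its column names are placeholders chosen for illustration; the hardened version validates the prefix as an integer in the range 0..128 and binds both halves as prepared-statement parameters.

```php
<?php
// Added example, not LibreNMS code. Table and column names are assumptions.

// Vulnerable pattern: the address half is bound, but the prefix half of
// "address/prefix" is interpolated into the SQL string unvalidated.
function buildIpv6SearchVulnerable(string $search): array
{
    [$addr, $prefix] = array_pad(explode('/', $search, 2), 2, null);
    $sql = "SELECT * FROM ipv6_addresses WHERE ipv6_address LIKE ?";
    $params = ['%' . $addr . '%'];
    if ($prefix !== null) {
        // "64 OR SLEEP(5)-- -" lands in the query verbatim.
        $sql .= " AND ipv6_prefixlen = " . $prefix;
    }
    return [$sql, $params];
}

// Hardened: the prefix must be an integer between 0 and 128, and it is bound
// as a parameter like the address. Returns [sql, params] for a prepared statement.
function buildIpv6SearchHardened(string $search): array
{
    [$addr, $prefix] = array_pad(explode('/', $search, 2), 2, null);
    $sql = "SELECT * FROM ipv6_addresses WHERE ipv6_address LIKE ?";
    $params = ['%' . $addr . '%'];
    if ($prefix !== null) {
        $len = filter_var($prefix, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 128]]);
        if ($len === false) {
            throw new InvalidArgumentException('prefix length must be an integer in 0..128');
        }
        $sql .= " AND ipv6_prefixlen = ?";
        $params[] = $len;
    }
    return [$sql, $params];
}

// Constructed payload of the time-based kind described in the advisory.
$payload = "2001:db8::/64 OR SLEEP(5)-- -";

[$sql, $params] = buildIpv6SearchVulnerable($payload);
echo "vulnerable: ", $sql, ' ', json_encode($params), PHP_EOL;

try {
    buildIpv6SearchHardened($payload);
} catch (InvalidArgumentException $e) {
    echo "hardened rejected payload: ", $e->getMessage(), PHP_EOL;
}

[$sql, $params] = buildIpv6SearchHardened("2001:db8::/64");
echo "hardened: ", $sql, ' ', json_encode($params), PHP_EOL;
```

Run with `php example.php`. The vulnerable builder prints a query whose WHERE clause ends in attacker-controlled SQL; the hardened builder rejects the same input and, for a well-formed "2001:db8::/64", produces a query with two placeholders and the bound values 
`["%2001:db8::%", 64]`. Binding alone is not enough for the prefix: a stringly-typed bound value would still be accepted by MySQL, so the integer validation is what guarantees the value can only ever be a prefix length.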
CVE-2026-26991 (MEDIUM)
LibreNMS < 26.2.0 - Authenticated Stored Cross-Site Scripting via Device Group Name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups" with the new group's name in the name parameter, and that value is stored as submitted. After the device group is created, the stored name is rendered in the group listing alongside the Rediscover Devices, Edit, and Delete buttons. This issue has been fixed in version 26.2.0.
CVSS 4.8
CVE-2026-26992 (MEDIUM)
LibreNMS < 26.2.0 - Authenticated Stored Cross-Site Scripting via Port Group Name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups" with the new group's name in the name parameter, and that value is stored as submitted. After the port group is created, the stored name is rendered in the group listing alongside the Edit and Delete buttons. This issue has been fixed in version 26.2.0.
CVSS 4.8
CVE-2026-27016 (MEDIUM)
LibreNMS 24.10.0 - 26.1.1 - Stored Cross-Site Scripting via Custom OID unit Parameter
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.
CVSS 5.4
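The three stored XSS entries above (device group name, port group name, and the Custom OID unit field) are the same defect: one stored field escapes input sanitization and is then rendered into HTML as-is. The Custom OID case is instructive because strip_tags() was applied to three sibling fields and forgotten on the fourth. The following is an added example, not LibreNMS code, that reproduces that inconsistency and contrasts it with escaping at render time, which closes the hole no matter which fields were sanitized on the way in. The field names mirror the advisory; the storage and render helpers are placeholders for illustration.

```php
<?php
// Added example, not LibreNMS code. Helper names are placeholders.

// Mimics the inconsistent input handling described for the Custom OID form:
// three fields go through strip_tags(), the fourth is stored verbatim.
function storeCustomOidInconsistent(array $post): array
{
    return [
        'name'     => strip_tags($post['name'] ?? ''),
        'oid'      => strip_tags($post['oid'] ?? ''),
        'datatype' => strip_tags($post['datatype'] ?? ''),
        'unit'     => $post['unit'] ?? '',   // forgotten: raw HTML reaches the database
    ];
}

// Unsafe render: stored values are concatenated straight into markup.
function renderRowUnsafe(array $row): string
{
    return "<td>{$row['name']}</td><td>{$row['unit']}</td>";
}

// Safe render: every dynamic value is HTML-escaped where it enters the markup.
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderRowSafe(array $row): string
{
    return "<td>" . escapeHtml($row['name']) . "</td><td>" . escapeHtml($row['unit']) . "</td>";
}

// Constructed POST body carrying the same payload in a sanitized and an unsanitized field.
$post = [
    'name'     => '<img src=x onerror=alert(1)>',
    'oid'      => '.1.3.6.1.2.1.1.3.0',
    'datatype' => 'GAUGE',
    'unit'     => '<img src=x onerror=alert(1)>',
];
$row = storeCustomOidInconsistent($post);

echo "unsafe render: ", renderRowUnsafe($row), PHP_EOL; // name stripped, unit still live
echo "safe render:   ", renderRowSafe($row), PHP_EOL;   // both cells are inert text
```

With the unsafe renderer the name cell is harmless only because strip_tags() happened to run on it, while the unit cell still carries an executable img element. With escaping at output, the result is the same inert text for both. Input-side strip_tags() is also a weak control on its own: it strips elements but does not neutralise a value that is later placed inside an attribute, so the output-side escape is the check a reviewer should look for in the template.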
CVE-2020-15877 (HIGH)
LibreNMS < 1.65.1 - Privilege Escalation
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVSS 8.8
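The two route-group attributes named in the advisory side by side, as an added example that is not the project's routes/web.php. The route paths and controller names are placeholders; the "admin" ability is assumed to be defined on Laravel's Gate, which the advisory's use of `can:admin` implies. Laravel's router only acts on the group attributes it knows (middleware, prefix, namespace, domain, as, where, and a few others), so an unknown key such as `guard` is silently ignored and attaches no authorization at all.

```php
<?php
// Added example, not LibreNMS's routes/web.php. Paths and controllers are placeholders.

use Illuminate\Support\Facades\Route;

// Before: 'guard' is not a route-group attribute the router understands, so this
// group applies no authorization and any authenticated user reaches the routes.
Route::group(['guard' => 'admin'], function () {
    Route::get('settings', 'SettingsController@index');
    Route::post('users', 'UserController@store');
});

// After: 'can:admin' is the Authorize middleware, which runs Gate::authorize('admin')
// on every request in the group and returns 403 to users without that ability.
Route::middleware(['auth', 'can:admin'])->group(function () {
    Route::get('settings', 'SettingsController@index');
    Route::post('users', 'UserController@store');
});
```

The check a practitioner wants here is `php artisan route:list`, which prints the middleware attached to each route: a group protected only by an unrecognised attribute shows no `can:admin` entry in that column, whereas the corrected group does.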
CVE-2020-35700 (HIGH)
LibreNMS < 21.1.0 - Authenticated SQL Injection via Top Devices Widget sort_order Parameter
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
CVSS 8.8
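The Top Devices widget case differs from the prefix injections above in two ways that matter for the fix: the value is saved in widget settings and only reaches SQL on a later request (second-order), and it is an ORDER BY direction, which a prepared statement cannot bind. The following is an added example, not LibreNMS code, showing the vulnerable pattern and an allowlist that is applied both when the setting is saved and when it is used. Table and column names are placeholders.

```php
<?php
// Added example, not LibreNMS code. Table and column names are assumptions.

// Vulnerable: the value previously saved in the widget settings is trusted when the
// widget renders, so the injection fires on a different request from the one that stored it.
function topDevicesQueryVulnerable(array $settings): string
{
    return "SELECT device_id, hostname FROM devices ORDER BY last_polled " . $settings['sort_order'];
}

// Hardened: a sort direction cannot be a bound parameter, so map it to one of two
// fixed SQL fragments and reject anything else.
const SORT_ORDERS = ['asc' => 'ASC', 'desc' => 'DESC'];

function normaliseSortOrder(string $value): string
{
    $key = strtolower(trim($value));
    if (!array_key_exists($key, SORT_ORDERS)) {
        throw new InvalidArgumentException("invalid sort_order: $value");
    }
    return SORT_ORDERS[$key];
}

// Apply the allowlist when the setting is saved ...
function saveWidgetSettings(array $post): array
{
    return ['sort_order' => normaliseSortOrder($post['sort_order'] ?? 'asc')];
}

// ... and again when it is used, so a row written by older code cannot slip through.
function topDevicesQueryHardened(array $settings): string
{
    return "SELECT device_id, hostname FROM devices ORDER BY last_polled "
        . normaliseSortOrder($settings['sort_order']);
}

// Constructed settings row, as an attacker would have stored it earlier.
$stored = ['sort_order' => "ASC, (SELECT SLEEP(5))"];
echo "vulnerable: ", topDevicesQueryVulnerable($stored), PHP_EOL;

try {
    topDevicesQueryHardened($stored);
} catch (InvalidArgumentException $e) {
    echo "hardened rejected stored value: ", $e->getMessage(), PHP_EOL;
}

try {
    saveWidgetSettings(['sort_order' => "ASC, (SELECT SLEEP(5))"]);
} catch (InvalidArgumentException $e) {
    echo "hardened rejected at save time: ", $e->getMessage(), PHP_EOL;
}

echo "hardened: ", topDevicesQueryHardened(saveWidgetSettings(['sort_order' => 'desc'])), PHP_EOL;
```

Validating at save time alone would have left rows stored before the fix exploitable, which is why the allowlist is enforced at the point of use as well. The same allowlist approach applies to any user-selectable column name, since identifiers cannot be parameterized either.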
CVE-2021-43324 (MEDIUM)
LibreNMS <= 21.10.2 - Cross-Site Scripting via Widget Title
LibreNMS through 21.10.2 allows XSS via a widget title.
CVSS 6.1
CVE-2022-29711 (MEDIUM)
LibreNMS < 22.4.0 - Cross-Site Scripting via GraylogController
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
CVSS 6.1
CVE-2022-3231 (MEDIUM)
librenms < 22.9.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
CVSS 5.4
CVE-2022-3516 (MEDIUM)
librenms < 22.10.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 6.1
CVE-2022-3525 (HIGH)
librenms/librenms < 22.10.0 - Deserialization of Untrusted Data
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 8.8
CVE-2022-3561 (MEDIUM)
librenms/librenms < 22.10.0 - Cross-Site Scripting
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 6.1
CVE-2022-3562 (MEDIUM)
librenms < 22.10.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 5.4
CVE-2022-4067 (MEDIUM)
librenms < 22.10.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 5.4
CVE-2022-4068 (MEDIUM)
LibreNMS <= 22.10.0 - Account Re-enablement and XSS
A user is able to re-enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. Together these enable an XSS attack in which an attacker with a low-privilege account executes arbitrary JavaScript in the context of an admin's session.
CVSS 5.4
CVE-2022-4069 (MEDIUM)
librenms < 22.10.0 - Cross-Site Scripting
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 4.8
CVE-2022-4070 (CRITICAL)
librenms/librenms < 22.10.0 - Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 9.8
CVE-2023-4347 (MEDIUM)
librenms < 23.8.0 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
CVSS 5.4
CVE-2023-48294 (MEDIUM)
LibreNMS < 23.11.0 - Authenticated Device Enumeration via graph.php
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS, when a user opens their device dashboard, a request is sent to `graph.php` to fetch the graphs generated for that device. The endpoint does not check that the requesting user is permitted to view the device, so a low-privilege user can call it directly with arbitrary device ids or hostnames and enumerate every device registered by admin users. This vulnerability has been addressed in commit `489978a923`, which is included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 4.3
CVE-2023-48295 (MEDIUM)
LibreNMS < 23.11.0 - Stored Cross-Site Scripting in Device Group Popups
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems. Affected versions contain a cross-site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea`, which is included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 6.3