Tony Murray

48 exploits, active since Jul 2020
CVE-2026-26987 (MEDIUM)
LibreNMS <25.12.0 - XSS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.
CVSS 6.1
CVE-2026-26988 (CRITICAL)
LibreNMS <=25.12.0 - SQL Injection
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.
CVSS 9.1
CVE-2026-26989 (MEDIUM)
LibreNMS <25.12.0 - Stored XSS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0.
CVSS 4.3
CVE-2026-26990 (HIGH)
LibreNMS <=25.12.0 - SQL Injection
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.
CVSS 8.8
CVE-2026-26991 (MEDIUM)
LibreNMS <=26.1.1 - Stored XSS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0.
CVSS 4.8
CVE-2026-26992 (MEDIUM)
LibreNMS <=26.1.1 - Stored XSS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0.
CVSS 4.8
CVE-2026-27016 (MEDIUM)
LibreNMS 24.10.0-26.1.1 - Stored XSS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.
CVSS 5.4
CVE-2020-15877 (HIGH)
LibreNMS <1.65.1 - Privilege Escalation
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVSS 8.8
CVE-2020-35700 (HIGH)
LibreNMS < 21.1.0 - SQL Injection
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
CVSS 8.8
CVE-2021-43324 (MEDIUM)
LibreNMS <21.10.2 - XSS
LibreNMS through 21.10.2 allows XSS via a widget title.
CVSS 6.1
CVE-2022-29711 (MEDIUM)
LibreNMS < 22.4.0 - XSS
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
CVSS 6.1
CVE-2022-3231 (MEDIUM)
librenms/librenms <22.9.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
CVSS 5.4
CVE-2022-3516 (MEDIUM)
librenms/librenms <22.10.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 6.1
CVE-2022-3525 (HIGH)
librenms/librenms <22.10.0 - Deserialization
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 8.8
CVE-2022-3561 (MEDIUM)
GitHub librenms/librenms <22.10.0 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 6.1
CVE-2022-3562 (MEDIUM)
librenms/librenms <22.10.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 5.4
CVE-2022-4067 (MEDIUM)
librenms/librenms <22.10.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 5.4
CVE-2022-4068 (MEDIUM)
LibreNMS <= 22.10.0 - Account Re-enablement and XSS
A user is able to re-enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack in which an attacker with a low-privilege user account can execute arbitrary JavaScript in the context of an admin's account.
CVSS 5.4
CVE-2022-4069 (MEDIUM)
librenms/librenms <22.10.0 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 4.8
CVE-2022-4070 (CRITICAL)
librenms/librenms <22.10.0 - Info Disclosure
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
CVSS 9.8
CVE-2023-4347 (MEDIUM)
librenms/librenms <23.8.0 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
CVSS 5.4
CVE-2023-48294 (MEDIUM)
LibreNMS < 23.11.0 - Information Disclosure
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS, when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated for the particular device. This request can be accessed by a low-privilege user, who can then enumerate devices on LibreNMS by their id or hostname. Leveraging this vulnerability, a low-privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923`, which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 4.3
CVE-2023-48295 (MEDIUM)
LibreNMS < 23.11.0 - XSS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross-site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea`, which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 6.3
CVE-2023-4977 (MEDIUM)
LibreNMS < 23.9.0 - Code Injection
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 5.4
CVE-2023-4978 (MEDIUM)
LibreNMS < 23.9.0 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 6.1