CVE-2020-15873

MEDIUM

LibreNMS < 1.65.1 - Authenticated SQL Injection via device_id POST Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15873. PoCs published by limerencee.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2020-15873, a blind SQL injection vulnerability in LibreNMS versions prior to 1.65.1. The exploit uses time-based SQL injection to extract database information, including version details and user credentials.

Description

In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.

Exploits (1)

nomisec WORKING POC
by limerencee · poc
https://github.com/limerencee/cs4239-cve-2020-15873

This repository contains a functional proof-of-concept exploit for CVE-2020-15873, a blind SQL injection vulnerability in LibreNMS versions prior to 1.65.1. The exploit uses time-based SQL injection to extract database information, including version details and user credentials.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: LibreNMS < v1.65.1
Auth required
Prerequisites: Docker with LibreNMS container · Python2.7 with BeautifulSoup4 · Valid LibreNMS credentials · Device configured with host '127.0.0.1'
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://research.loginsoft.com/bugs/blind-sql-injection-in-librenms/
Release Notes, Vendor Advisory x_refsource_misc
https://community.librenms.org/c/announcements
Third Party Advisory x_refsource_misc
https://github.com/librenms/librenms/compare/1.65...1.65.1
Patch, Third Party Advisory x_refsource_misc
https://github.com/librenms/librenms/pull/11923

Scores

CVSS v3 6.5
EPSS 0.0197
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (2)
librenms/librenms < 1.65.1
librenms/librenms 0 - 1.65.1Packagist
Published Jul 21, 2020
Tracked Since Feb 18, 2026