The exploit describes a SQL injection vulnerability in LibreNMS 1.46 and earlier, where the `mres()` function fails to properly sanitize user input due to a commented-out `mysqli_real_escape_string()` call. The PoC demonstrates triggering an SQL syntax error via the `search` parameter.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:LibreNMS 1.46 and earlier
No auth needed
Prerequisites:Access to the `/html/ajax_search.php` endpoint