High severityOSV Advisory· Published Mar 28, 2019· Updated Aug 5, 2024
CVE-2018-20678
CVE-2018-20678
Description
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
librenms/librenmsPackagist | < 1.65 | 1.65 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-4fwh-r866-pvh9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20678ghsaADVISORY
- cert.enea.pl/advisories/cert-190101.htmlghsax_refsource_MISCWEB
- github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62ddghsaWEB
- github.com/librenms/librenms/commits/master/html/ajax_table.phpmitrex_refsource_MISC
- github.com/librenms/librenms/pull/11920ghsaWEB
News mentions
0No linked articles in our index yet.