Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
Vulnerability Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixedd in version 26.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
LibreNMS SQL注入漏洞
Vulnerability Description
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 25.12.0及之前版本存在SQL注入漏洞,该漏洞源于address-search.inc.php中address参数处理不当,可能导致基于时间的盲SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A