Librenms: >> Librenms >> 1.64.1 Security Vulnerabilities
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS Score
6.5
EPSS Score
0.018
Published
2020-07-21
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-21
Page 7