The vulnerability stems from improper handling of the `sort` parameter in `ajax_table.php`. Commit 32f72bc fixed it by adding input validation: `preg_replace` strips non-alphanumeric characters from column names, and the sort direction is explicitly validated as ASC or DESC. The code before this patch lacked these protections, making SQL injection possible through the `sort[hostname]` parameter. The NVD description and the GitHub advisory both confirm that the attack vector is an unsanitized sort parameter in this file.
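The pattern described above, as an added illustration that is not LibreNMS source code: an ORDER BY clause built from a request-supplied `sort` array, first without validation and then with the two checks the fix is described as adding. The function names, the sample inputs, the retained underscore in the column pattern and the optional column allowlist are assumptions of this example and go beyond what the advisory states.

```php
<?php
// Added illustration; not LibreNMS source. Function names are hypothetical.

// Pre-fix pattern: the request-controlled column name and direction are
// concatenated into ORDER BY unchanged.
function order_by_unvalidated(array $sort): string
{
    $parts = [];
    foreach ($sort as $column => $direction) {
        $parts[] = "$column $direction";
    }
    return $parts ? ' ORDER BY ' . implode(', ', $parts) : '';
}

// Hardened pattern: reduce the column name to a safe character set and
// accept only ASC or DESC as the direction.
function order_by_validated(array $sort, array $allowed = []): string
{
    $parts = [];
    foreach ($sort as $column => $direction) {
        // Assumption: underscore is kept because column names often use it.
        $column = preg_replace('/[^A-Za-z0-9_]/', '', (string) $column);
        // Assumption: optional allowlist of sortable columns (not in the advisory).
        if ($column === '' || ($allowed && !in_array($column, $allowed, true))) {
            continue; // nothing usable left, or not a known column
        }
        $direction = strtoupper(trim((string) $direction));
        if ($direction !== 'ASC' && $direction !== 'DESC') {
            $direction = 'ASC'; // fall back to a fixed default
        }
        $parts[] = "`$column` $direction";
    }
    return $parts ? ' ORDER BY ' . implode(', ', $parts) : '';
}

// Constructed request data, shaped as sort[hostname]=... arrives in $_POST['sort'].
$benign  = ['hostname' => 'desc'];
$tainted = ['hostname' => 'asc, (select 1)']; // constructed: extra SQL in the direction
$badKey  = ['host name;--' => 'asc'];         // constructed: punctuation in the column

foreach ([$benign, $tainted, $badKey] as $sort) {
    echo 'unvalidated:', order_by_unvalidated($sort), PHP_EOL;
    echo 'validated:  ', order_by_validated($sort, ['hostname', 'os']), PHP_EOL;
}
```

Identifiers and sort directions cannot be bound as prepared-statement parameters, which is why this clause needs character filtering or an allowlist rather than placeholders.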
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | <= 1.47 | 1.65 |