-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from two key issues: 1) Mass assignment via $request->all() in UserController@update allowed unrestricted field modification. 2) Inadequate role-based validation in UpdateUserRequest@rules permitted non-admins to submit privileged fields. Together, these enabled users to reactivate disabled accounts and potentially inject XSS payloads via unsanitized username fields (though the exact XSS rendering point isn't visible in the provided diff). The commit fixes both by using validated() and implementing admin-specific validation rules.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 22.10.0 | 22.10.0 |
Ongoing coverage of React2Shell