Parlakbarann

**Name of the Vulnerable Software and Affected Versions** LibreNMS version 22.11.0-23-gd091788f2 **Description** A Local File Inclusion (LFI) issue exists in the NFSen module (nfsen.inc.php). This occurs due to improper restriction of the directory path name when processing the `nfsen` parameter. An authenticated remote attacker can use path traversal sequences to include arbitrary PHP files from the server filesystem, potentially leading to arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.