Prjblk

**Name of the Vulnerable Software and Affected Versions** Gibbon versions prior to v30.0.01 **Description** A local file inclusion issue allows remote code execution by modifying the report archive directory and forcing the system to interpret a user-provided `.zip` file as PHP. This requires Teacher or higher privileges and could lead to the compromise of the underlying web server. **Recommendations** Update to version v30.0.01 or later.

**Name of the Vulnerable Software and Affected Versions** Gibbon versions prior to v30.0.01 **Description** A path traversal issue allows users with Teacher or higher privileges to cause a denial of service (DOS). This occurs when attempting to extract web application PHP files; if the .zip extraction fails, the file is deleted, leading to a loss of availability for the web application. **Recommendations** Update to version v30.0.01 or later.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 26.3.0 **Description** An authenticated Cross-site Scripting issue exists on the 'showconfig' page. An attacker with administrative privileges can execute scripts that target other users who access the same page. **Recommendations** Update to version 26.3.0 or later.