Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-61va-qddt-rbf2
Vulnerability ID VCID-61va-qddt-rbf2
Aliases CVE-2018-20678
GHSA-4fwh-r866-pvh9
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2018-20678
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2018-20678
cvssv3.1 8.8 https://cert.enea.pl/advisories/cert-190101.html
generic_textual HIGH https://cert.enea.pl/advisories/cert-190101.html
cvssv3.1 8.8 https://github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62dd
generic_textual HIGH https://github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62dd
cvssv3.1 8.8 https://github.com/librenms/librenms/pull/11920
generic_textual HIGH https://github.com/librenms/librenms/pull/11920
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20678
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2018-20678
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-20678
https://cert.enea.pl/advisories/cert-190101.html
https://github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62dd
https://github.com/librenms/librenms/pull/11920
https://nvd.nist.gov/vuln/detail/CVE-2018-20678
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://cert.enea.pl/advisories/cert-190101.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62dd
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/librenms/librenms/pull/11920
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-20678
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.01325
EPSS Score 0.00011
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-12T01:44:09.467470+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0