8.8
CVSS
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
Severity: HIGH
📦
netmri
Vendor: infoblox
Actively Exploited
0
CISA KEV List
PoC / Exploits
1
Code Available
Total RCEs
2
Remote Access
Total CVEs
39
Total Indexed
Avg. EPSS
8.80%
Exploit Prob.
Security Vulnerability Index
Page 1 / 4
6.5
CVSS
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
Severity: MEDIUM
9.8
CVSS
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
Severity: CRITICAL
7.2
CVSS
CVE-2025-32813
RCE
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
Severity: HIGH
5.3
CVSS
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
Severity: MEDIUM
6.1
CVSS
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
Severity: MEDIUM
6.1
CVSS
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
Severity: MEDIUM
10.0
CVSS
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.
Severity: HIGH
7.2
CVSS
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
Severity: HIGH
10.0
CVSS
CVE-2014-3418
RCE
Exploit Found
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
Severity: HIGH