Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpipam phpipam vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-41580
Phpipam before v1.5.2 exists to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows malicious users to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.
Phpipam Phpipam
9.8
CVSSv3
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
Phpipam Phpipam
4.8
CVSSv3
CVE-2023-1212
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
Phpipam Phpipam
9.8
CVSSv3
CVE-2019-16693
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
Phpipam Phpipam
9.8
CVSSv3
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
Phpipam Phpipam
7.2
CVSSv3
CVE-2023-1211
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
Phpipam Phpipam
6.5
CVSSv3
CVE-2022-1223
Incorrect Authorization in GitHub repository phpipam/phpipam before 1.4.6.
Phpipam Phpipam
4.7
CVSSv3
CVE-2018-1000860
phpipam version 1.3.2 and previous versions contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>a...
Phpipam Phpipam
6.5
CVSSv3
CVE-2022-1224
Improper Authorization in GitHub repository phpipam/phpipam before 1.4.6.
Phpipam Phpipam
6.5
CVSSv3
CVE-2022-1225
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam before 1.4.6.
Phpipam Phpipam
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »