Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpipam phpipam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41443
phpipam v1.5.0 exists to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
Phpipam Phpipam 1.5.0
668
VMScore
CVE-2018-1000869
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerabili...
Phpipam Phpipam 1.3.2
NA
CVE-2023-4965
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The e...
Phpipam Phpipam 1.5.1
384
VMScore
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Phpipam Phpipam 1.4.4
383
VMScore
CVE-2018-10329
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
Phpipam Phpipam 1.3.1
312
VMScore
CVE-2022-23045
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
Phpipam Phpipam 1.4.4
NA
CVE-2023-24657
phpipam v1.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
Phpipam Phpipam 1.6
605
VMScore
CVE-2020-7988
An issue exists in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, an...
Phpipam Phpipam 1.4
580
VMScore
CVE-2022-23046
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
Phpipam Phpipam 1.4.4
4 Github repositories
383
VMScore
CVE-2021-35438
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
Phpipam Phpipam 1.4.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »