Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpipam phpipam vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-23045
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
Phpipam Phpipam 1.4.4
4.3
CVSSv2
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Phpipam Phpipam 1.4.4
4.3
CVSSv2
CVE-2021-35438
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
Phpipam Phpipam 1.4.3
4.3
CVSSv2
CVE-2015-6529
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
Phpipam Phpipam 1.1.010
NA
CVE-2023-4965
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The e...
Phpipam Phpipam 1.5.1
NA
CVE-2022-41443
phpipam v1.5.0 exists to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
Phpipam Phpipam 1.5.0
3.5
CVSSv2
CVE-2020-13225
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
Phpipam Phpipam 1.4
7.5
CVSSv2
CVE-2018-1000869
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerabili...
Phpipam Phpipam 1.3.2
6.8
CVSSv2
CVE-2020-7988
An issue exists in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, an...
Phpipam Phpipam 1.4
NA
CVE-2023-24657
phpipam v1.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
Phpipam Phpipam 1.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »