phpipam phpipam vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-1000869
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection. This attack appears to be exploitable via a rogue user exploiting the vulnerability to access information he/she does not have access to. This vulnerabili...
Phpipam Phpipam 1.3.2
9.8
CVSSv3
CVE-2022-41443
phpipam v1.5.0 contains a header injection vulnerability via the component /admin/subnets/ripe-query.php.
Phpipam Phpipam 1.5.0
8.8
CVSSv3
CVE-2020-7988
An issue exists in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, an...
Phpipam Phpipam 1.4
6.1
CVSSv3
CVE-2018-10329
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
Phpipam Phpipam 1.3.1
6.1
CVSSv3
CVE-2021-35438
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
Phpipam Phpipam 1.4.3
4.8
CVSSv3
CVE-2023-4965
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The e...
Phpipam Phpipam 1.5.1
4.8
CVSSv3
CVE-2022-23045
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
Phpipam Phpipam 1.4.4
7.2
CVSSv3
CVE-2022-23046
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php.
Phpipam Phpipam 1.4.4
4 Github repositories
6.1
CVSSv3
CVE-2023-24657
phpipam v1.6 contains a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
Phpipam Phpipam 1.6
NA
CVE-2015-6529
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
Phpipam Phpipam 1.1.010