phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
phpipam phpipam
Exploit code for CVE-2019-16692
CVE-2019-16692 Exploit code for CVE-2019-16692, a phpIPAM vulnerability