Lucene search

VulDBCVELIST:CVE-2023-4965

HistorySep 14, 2023 - 8:00 p.m.

CVE-2023-4965 phpipam Header redirect

2023-09-1420:00:07

CWE-601

VulDB

www.cve.org

phpipam

vulnerability

header handler

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

26.6%

JSON

A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "phpipam",
    "versions": [
      {
        "version": "1.5.1",
        "status": "affected"
      }
    ],
    "modules": [
      "Header Handler"
    ]
  }
]

References

github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md

vuldb.com/?ctiid.239732

vuldb.com/?id.239732

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

26.6%

JSON

Related for CVELIST:CVE-2023-4965