CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

EUVD-2026-12249

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

phpIPAM SQL注入漏洞

phpIPAM is an open-source IP address management application IPAM based on PHP and MySQL. Versions of phpipam 1.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file app/admin/sections/edit-result.php, specifically the...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189 phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

CVE-2026-4189 affects phpipam up to version 1.7.4. The vulnerability lies in the file app/admin/sections/edit-result.php (Section Handler) where manipulating the subnetOrdering argument can lead to SQL injection. The issue enables remote attack potential and has publicly available exploit code. V...

CVE-2025-61078

Cross-site scripting XSS vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...

EUVD-2025-202256

Cross-site scripting XSS vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...

CVE-2025-61078

Cross-site scripting XSS vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...

CVE-2025-61078

Cross-site scripting XSS vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...

CVE-2025-61078

Cross-site scripting XSS vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...

PT-2025-50154

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.7.3 Description A cross-site scripting XSS issue exists in the Request IP form within phpIPAM. This allows attackers to inject arbitrary web scripts or HTML code through the instructions parameter of the...

CVE-2025-61078

CVE-2025-61078 affects phpIPAM v1.7.3. The vulnerability is a cross-site scripting (XSS) flaw in the Request IP form, exploitable via the instructions parameter sent to /app/admin/instructions/edit-result.php. Impact is potential HTML/script injection leading to user-compromise of the affected we...

phpIPAM 1.5.1 - SQL Injection

Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2023-1211 Proof Of Concept POST...

PT-2023-2058

Name of the Vulnerable Software and Affected Versions phpipam versions prior to 1.5.2 Description The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/edit-result.php script of the phpipam web application for IP address management...