18 matches found
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to SQL injection. The attack may be launched remotel...
EUVD-2026-12249
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to SQL injection. The attack may be launched remotel...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to SQL injection. The attack may be launched remotel...
phpIPAM SQL injection vulnerability
phpIPAM is an open-source IP address management (IPAM) application based on PHP and MySQL. Versions of phpipam 1.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file app/admin/sections/edit-result.php, specifically the...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to SQL injection. The attack may be launched remotel...
CVE-2026-4189 phpipam Section edit-result.php SQL injection
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to SQL injection. The attack may be launched remotel...
CVE-2026-4189
CVE-2026-4189 affects phpipam up to version 1.7.4. The vulnerability lies in the file app/admin/sections/edit-result.php (Section Handler) where manipulating the subnetOrdering argument can lead to SQL injection. The issue enables remote attack potential and has publicly available exploit code. V...
CVE-2025-61078
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...
EUVD-2025-202256
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...
CVE-2025-61078
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...
CVE-2025-61078
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...
CVE-2025-61078
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint...
PT-2025-50154
Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.7.3. Description: A cross-site scripting (XSS) issue exists in the Request IP form within phpIPAM. This allows attackers to inject arbitrary web scripts or HTML code through the instructions parameter of the...
CVE-2025-61078
CVE-2025-61078 affects phpIPAM v1.7.3. The vulnerability is a cross-site scripting (XSS) flaw in the Request IP form, exploitable via the instructions parameter sent to /app/admin/instructions/edit-result.php. Impact is potential HTML/script injection leading to user compromise of the affected we...
phpIPAM 1.5.1 - SQL Injection
Exploit Title: phpIPAM 1.5.1 - SQL Injection; Date: 2025-11-25; Exploit Author: CodeSecLab; Vendor Homepage: https://github.com/phpipam/phpipam/; Software Link: https://github.com/phpipam/phpipam/; Version: 1.5.1; Tested on: Windows; CVE: CVE-2023-1211; Proof Of Concept POST...
A vulnerability in the app/admin/custom-fields/edit-result.php script of the web application for managing IP addresses allows an attacker to execute arbitrary SQL commands.
The vulnerability in the app/admin/custom-fields/edit-result.php script of the PHPIPAM IP address management web application stems from a lack of measures to protect the SQL query structure during the processing of user fields with the parameter fieldType=set&fieldSize='1...
A vulnerability in the app/admin/custom-fields/edit-result.php script of the phpipam web application for managing IP addresses allows an attacker to execute arbitrary SQL queries.
The vulnerability in the app/admin/custom-fields/edit-result.php script of the phpipam web application for managing IP addresses is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PT-2023-2058
Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.2. Description: The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/edit-result.php script of the phpipam web application for IP address management...