89 matches found
EUVD-2022-44636
Malicious code in bioql PyPI...
EUVD-2024-39025
Malicious code in bioql PyPI...
CVE-2024-0787
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
CVE-2023-4965
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...
CVE-2023-24657
phpipam v1.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the closeClass parameter at /subnet-masks/popup.php...
CVE-2022-41443
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...
CVE-2022-1226
A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...
CVE-2022-1225
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-3845
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2021-35438
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator...
CVE-2018-1000870
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. AdminVictim views user in admin-panel and gets...
CVE-2019-16695
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...
📄 phpIPAM 1.6 Cross Site Scripting
phpIPAM version 1.6 suffers from a cross site scripting vulnerability. Exploit Title: phpIPAM 1.6 Reflected XSS via closeClass Parameter in popup.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam...
phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
Exploit Title: phpIPAM 1.6 - Reflected Cross Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.5.1 Tested on: Ubuntu Windows CVE : CVE-2023-24657 PoC:...
phpIPAM cross-site scripting vulnerability (CNVD-2025-06929)
phpIPAM is phpIPAM open source set of open source PHP and MySQL based IP address management application IPAM. phpIPAM suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
CVE-2024-55093
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting XSS vulnerability in the install scripts...
CVE-2024-55093
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting XSS vulnerability in the install scripts...
CVE-2024-55093
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting XSS vulnerability in the install scripts...
CVE-2024-55093
phpIPAM 1.7.3 has a reflected XSS vulnerability in the install scripts. The provided documents do not include exploitation details or a remediation/version fix.