501 matches found
phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated) Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...
phpIPAM 1.4.5 - Remote Code Execution (Authenticated) Exploit
Exploit Title: phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated) Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS #!/usr/bin/env python3...
Exploit for SQL Injection in Phpipam
CVE-2022-23046 PHPIPAM 1.4.4 - SQLi Authenticated Orig...
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
===== Tempest Security Intelligence - ADV-03/2022 ========================== PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timelin...
phpIPAM < 1.4.6 Multiple Vulnerabilities
phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam"; if(description)...
CVE-2022-1224
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1223
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1225
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
Authorization
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
Privilege escalation
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
Authorization
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1225
CVE-2022-1225 affects phpIPAM prior to 1.4.6, where an incorrect privilege assignment could allow a normal user to access export endpoints (e.g., generate-xls.php, generate-hosts.php, generate-mysql.php) and leak sensitive data. The connected Huntr entry details real-world paths and impact, indic...
CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1223 Incorrect Authorization in phpipam/phpipam
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1223 Incorrect Authorization in phpipam/phpipam
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1223
CVE-2022-1223 refers to an incorrect authorization issue in the phpIPAM project before version 1.4.6. The available records consistently describe an access-control flaw in phpIPAM’s GitHub repository leading to potential exposure of subnet data due to improper permission checks. The vulnerability...
CVE-2022-1224 Improper Authorization in phpipam/phpipam
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1224 Improper Authorization in phpipam/phpipam
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...