501 matches found
CVE-2022-1224
CVE-2022-1224 affects phpIPAM prior to 1.4.6 and is described as an Improper Authorization vulnerability in the GitHub repository phpipam/phpipam. Multiple sources (NVD, Red Hat, CVE lists, and related advisories) corroborate that an insufficient authorization check allows access to potentially r...
phpIPAM Security Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A security vulnerability exists in versions prior to phpipam 1.4.6 that stems from incorrect authorization in the application...
phpIPAM Access Control Error Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. An access control error vulnerability exists in versions prior to phpipam 1.4.6. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
phpIPAM Security Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A security vulnerability exists in versions prior to phpipam 1.4.6 that stems from incorrect privilege assignment in the application...
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality...
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality...
Cross site scripting
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality...
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality...
CVE-2021-46426
PHPIPAM 1.4.4 is vulnerable to Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php. The root cause is improper input handling in the subnets endpoint, enabling XSS and CSRF (CVSSv3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; base 6.1). Exploitation details are not provided in t...
phpIPAM Cross-Site Scripting Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A security vulnerability exists in phpIPAM version 1.4.4, which stems from a vulnerability in phpIPAM version 1.4.4 that allows a reflective cross-site scripting attack and cross-site request forgery via the...
PT-2022-12701 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.4.4 Description: The issue allows for Reflected XSS and CSRF attacks via the "app/admin/subnets/find_free_section_subnets.php" endpoint of the subnets functionality. Recommendations: For phpIPAM version 1.4.4, consider...
Exploit for SQL Injection in Phpipam
CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin u...
Cross-site Scripting (XSS) - Reflected in phpipam/phpipam
Description Cross-Site Scripting vulnerability which allows attackers to execute arbitrary JavaScript code in the browser of a victim which affected import Data set feature via a spreadsheet file upload. Proof of Concept Endpoint 1 POST http://HOST/app/admin/import-export/import-vlan-preview.php ...
in phpipam/phpipam
Description The phpIPAM 1.4.5 incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor in the Import/Export feature. A normal user with the role of User could download XLS file of IP addresses, hostfile dump and export system database that...
Improper Authorization in phpipam/phpipam
Description In phpIPAM 1.4.5, a normal user with the role of User could view/read the log files via show-logs.php, errorlogs.php and accesslogs.php endpoints. It is supposedly accessible by the Administrator only. Proof of Concept Tested version: phpIPAM 1.4.5 Affected endpoints: 1 GET/POST...
Improper Access Control in phpipam/phpipam
Description In phpIPAM 1.4.5, a normal user with the role of User could download or export IP subnets that may contain sensitive information related data such as IP address, IP state, MAC, owner, hostname and device via export-subnet.php endpoint. The bug is the export-subnet.php should verify th...
Security fix for the ALT Linux 9 package phpipam version 1.45.031-alt1
1.45.031-alt1 built Feb. 1, 2022 Alexey Shabalin in task 294095 Jan. 25, 2022 Alexey Shabalin - 1.4.5 Release Fixes: CVE-2020-7988...
PHPIPAM 1.4.4 - SQL injection (Authenticated) Exploit
Exploit Title: PHPIPAM 1.4.4 - SQLi Authenticated Google Dork: if applicable Exploit Author: Rodolfo "Inc0gbyt3" Tavares Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.4.4 Tested on: Linux/Windows CVE : CVE-2022-23046 import reques...
PHPIPAM 1.4.4 - SQLi (Authenticated)
Exploit Title: PHPIPAM 1.4.4 - SQLi Authenticated Google Dork: if applicable Date: 20/01/2022 Exploit Author: Rodolfo "Inc0gbyt3" Tavares Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.4.4 Tested on: Linux/Windows CVE :...
PHPIPAM 1.4.4 SQL Injection
Exploit Title: PHPIPAM 1.4.4 - SQLi Authenticated Google Dork: if applicable Date: 20/01/2022 Exploit Author: Rodolfo "Inc0gbyt3" Tavares Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.4.4 Tested on: Linux/Windows CVE :...