CVE-2019-16692

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used...

CVE-2019-16692

CVE-2019-16692 — phpIPAM 1.4 SQL Injection is triggered via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. The vulnerability is a SQL injection in that component, as detailed by multiple sources, including the NVD/OSV records and public exploit references (...

CVE-2019-16693

CVE-2019-16693 affects phpIPAM 1.4 and is a SQL injection in app/admin/custom-fields/order.php when action=add is used. The vulnerability allows an attacker to manipulate the table parameter to extract or modify data via a crafted request (e.g., POST to /app/admin/custom-fields/order.php with tab...

CVE-2019-16693

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...

CVE-2019-16694

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...

CVE-2019-16694

CVE-2019-16694 affects phpIPAM 1.4 and is an SQL injection vulnerability in the admin function: the table parameter of app/admin/custom-fields/edit-result.php when action=add is used. Multiple sources (NVD, OSV, RH) document this vulnerability and list it as high/critical risk (CVSS v3.1: 9.8, NE...

CVE-2019-16695

CVE-2019-16695 affects phpIPAM 1.4, where SQL injection can be triggered via the app/admin/custom-fields/filter.php table parameter when action=add is used. The vulnerability is documented with high/critical impact (CVSS metrics: CVSSv3.1 base score 9.8; CVSSv2 base 7.5). Exploitation details, af...

CVE-2019-16695

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...

CVE-2019-16696

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...

CVE-2019-16696

CVE-2019-16696 affects phpIPAM 1.4, where an SQL injection is possible via the app/admin/custom-fields/edit.php table parameter when action=add is used. The vulnerability is documented across multiple sources (NVD entry and Red Hat advisory) with a high/severe impact, including potential unauthor...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

Cross site scripting

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000010

Summary (CVE-2019-1000010): phpIPAM versions 1.3.2 and earlier contain a Cross Site Scripting (XSS) vulnerability in the subnet-scan-telnet.php component. The issue allows an attacker to craft a link that, when visited by a user, can execute code in the victim’s browser. The vulnerability’s impac...

phpIPAM < 1.4 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpipam SQL injection vulnerability (CNVD-2019-43861)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A SQL injection vulnerability exists in the /app/admin/nat/item-add-submit.php file in PHPipam version 1.3.2. An attacker can exploit this vulnerability to obtain information...

phpipam cross-site scripting vulnerability (CNVD-2019-43860)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in the phpipamredirect cookie in PHPipam 1.3.2 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary code in a user's brows...

phpipam cross-site scripting vulnerability (CNVD-2019-43862)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in the /app/admin/users/print-user.php file in PHPipam 1.3.2 and earlier versions. An attacker can exploit this vulnerability to execute code in a user's browser...

Sql injection

phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to hav...