501 matches found

Nuclei
added 17 hours ago | 31 views

phpIPAM 1.5.1 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. id: CVE-2023-0676 info: name: phpIPAM 1.5.1 - Cross-site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to 1.5....

CVSS 6.1 | AI score 6.1 | EPSS 0.00974
Exploits: 1 | References: 2

Nuclei
added 17 hours ago | 113 views

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVSS 6.1 | AI score 6.4 | EPSS 0.06014
Exploits: 3 | References: 2

Nuclei
added 17 hours ago | 86 views

PHPIPAM <v1.5.1 - Missing Authorization

In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify if the user i...

CVSS 7.5 | AI score 6.7 | EPSS 0.67615
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:14 p.m. | 2 views

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | AI score 5.6 | EPSS 0.00012
Exploits: 0 | References: 1

EUVD
added 2026/03/16 3:30 p.m. | 1 views

EUVD-2026-12249

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 5

NVD
added 2026/03/16 2:20 p.m. | 1 views

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | EPSS 0.00012
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/15 7:32 p.m. | 1 views

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/15 7:32 p.m. | 2 views

CVE-2026-4189 phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 4

Cvelist
added 2026/03/15 7:32 p.m. | 34 views

CVE-2026-4189 phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | EPSS 0.00012
Exploits: 0 | References: 4

CVE
added 2026/03/15 7:32 p.m. | 3 views

CVE-2026-4189

CVE-2026-4189 affects phpipam up to version 1.7.4. The vulnerability lies in the file app/admin/sections/edit-result.php (Section Handler) where manipulating the subnetOrdering argument can lead to SQL injection. The issue enables remote attack potential and has publicly available exploit code. V...

CVSS 5.8 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/15 12:00 a.m. | 3 views

PT-2026-25562

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 6

Packet Storm
added 2026/02/16 12:00 a.m. | 128 views

📄 phpIPAM 1.4 Code Execution / Local File Inclusion

A critical local file inclusion vulnerability exists in index.php in phpIPAM version 1.4. Attackers can exploit this to read sensitive system files and potentially perform remote code execution. phpIPAM 1.4 LFI to RCE Exploit...

AI score 6.2
Exploits: 0

RedhatCVE
added 2026/01/09 12:17 p.m. | 4 views

CVE-2018-10329

app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:15 p.m. | 6 views

CVE-2018-1000860

phpipam version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'quqtl exploits an XSS vulnerability. that can result ...

CVSS 4.7 | AI score 5.3 | EPSS 0.00156
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:55 a.m. | 4 views

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVSS 7.2 | AI score 7.1 | EPSS 0.48978
Exploits: 7 | References: 1

RedhatCVE
added 2026/01/09 10:53 a.m. | 4 views

CVE-2022-23045

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS...

CVSS 4.8 | AI score 6.6 | EPSS 0.00328
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:58 a.m. | 4 views

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVSS 8.8 | AI score 7.5 | EPSS 0.00718
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:35 a.m. | 9 views

CVE-2024-41358

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...

CVSS 6.1 | AI score 6.1 | EPSS 0.00416
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/09 9:34 a.m. | 4 views

CVE-2024-41354

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via /app/admin/widgets/edit.php...

CVSS 7.1 | AI score 6.5 | EPSS 0.00283
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:34 a.m. | 4 views

CVE-2024-41355

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via /app/tools/request-ip/index.php...

CVSS 6.5 | AI score 6.2 | EPSS 0.00294
Exploits: 1 | References: 1