19 matches found
phpIPAM 1.4 Code Execution / Local File Inclusion
A critical local file inclusion vulnerability exists in index.php in phpIPAM version 1.4. Attackers can exploit this to read sensitive system files and potentially perform remote code execution. phpIPAM 1.4 LFI to RCE Exploit...
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used...
CVE-2020-13225
phpIPAM 1.4 contains a stored cross-site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget...
CVE-2020-13225
phpIPAM 1.4 contains a stored cross-site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget...
CVE-2020-13225
phpIPAM 1.4 contains a stored cross-site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget...
Cross-site request forgery (CSRF)
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...
CVE-2020-7988
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
CVE-2019-16693
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used...
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
SQL injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...
SQL injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
SQL injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
CVE-2019-16692
CVE-2019-16692 — phpIPAM 1.4 SQL Injection is triggered via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. The vulnerability is a SQL injection in that component, as detailed by multiple sources, including the NVD/OSV records and public exploit references (...
CVE-2019-16693
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
CVE-2019-16695
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...