3 matches found
phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
Date: 2022-04-10
Exploit Author: Guilherme '@behiNdyk1' Alves
Vendor Homepage: https://phpipam.net/
Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5
Version: 1.4.5
Tested on: Linux Ubuntu 20.04.3 LTS...
in phpipam/phpipam
Description: phpIPAM 1.4.5 incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor in the Import/Export feature. A normal user with the role of User could download an XLS file of IP addresses, a hostfile dump and export the system database that...
Improper Authorization in phpipam/phpipam
Description: In phpIPAM 1.4.5, a normal user with the role of User could view/read the log files via the show-logs.php, errorlogs.php and accesslogs.php endpoints. It is supposedly accessible by the Administrator only. Proof of Concept: Tested version: phpIPAM 1.4.5. Affected endpoints: 1 GET/POST...