517 matches found

CNNVD
added 2023/02/04 12:00 a.m., 14 views

phpIPAM authorization issue vulnerability

phpIPAM is an open source PHP and MySQL-based IP address management (IPAM) application. phpIPAM versions prior to 1.5.1 are vulnerable to authorization issues, which can be exploited by attackers to download the findfullsubnets.php endpoint containing sensitive information...

CVSS 7.5 | AI score 6.7 | EPSS 0.37304
Exploits: 1 | References: 4

Cvelist
added 2023/02/04 12:00 a.m., 31 views

CVE-2023-0677 Cross-site Scripting (XSS) - Reflected in phpipam/phpipam

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1...

CVSS 4.4 | AI score 6.2 | EPSS 0.00448
Exploits: 1 | References: 2

OSV
added 2023/02/04 12:00 a.m., 21 views

CVE-2023-0677 Cross-site Scripting (XSS) - Reflected in phpipam/phpipam

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1...

CVSS 4.4 | AI score 6.4 | EPSS 0.00448
Exploits: 1 | References: 4

Cvelist
added 2023/02/04 12:00 a.m., 35 views

CVE-2023-0678 Missing Authorization in phpipam/phpipam

Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1...

CVSS 7.5 | AI score 5.7 | EPSS 0.37304
Exploits: 1 | References: 2

CVE
added 2023/02/04 12:00 a.m., 90 views

CVE-2023-0678

PHPIPAM

CVSS 7.5 | AI score 5.5 | EPSS 0.37304
Exploits: 1 | References: 2 | Affected software: 1

CVE
added 2023/02/04 12:00 a.m., 90 views

CVE-2023-0676

CVE-2023-0676 : phpIPAM prior to 1.5.1 is affected by a reflected Cross-site Scripting (XSS) vulnerability. The issue stems from how the application handles data in HTTP responses, allowing attacker-supplied input to execute scripts in a victim’s browser. Affected product/version: phpIPAM

CVSS 6.1 | AI score 4.8 | EPSS 0.01532
Exploits: 1 | References: 3 | Affected software: 1

CVE
added 2023/02/04 12:00 a.m., 80 views

CVE-2023-0677

CVE-2023-0677 is a reflected XSS affecting phpIPAM prior to version 1.5.1. Multiple connected sources confirm that the vulnerability originates from how user-supplied data is reflected in responses, with PoCs showing scripts injected via HTTP requests (e.g., crafting inputs like recipients). The ...

CVSS 6.1 | AI score 5.2 | EPSS 0.00448
Exploits: 1 | References: 2 | Affected software: 1

OSV
added 2023/02/04 12:00 a.m., 23 views

CVE-2023-0678 Missing Authorization in phpipam/phpipam

Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1...

CVSS 7.5 | AI score 6.4 | EPSS 0.37304
Exploits: 1 | References: 4

Huntr
added 2023/01/18 6:25 p.m., 26 views

Improper authorization

Description: In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via the findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify i...

CVSS 5 | AI score 1 | EPSS 0.37304
Exploits: 1

Huntr
added 2022/12/08 3:56 a.m., 27 views

Cross Site Scripting (XSS) Reflected

Description: Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept: https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in line 94-9...

CVSS 5.8 | AI score 5.9 | EPSS 0.00448
Exploits: 1 | References: 1

OpenVAS
added 2022/11/03 12:00 a.m., 19 views

phpIPAM < 1.5.0 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpipam:phpipam"; ifdescription...

CVSS 8.8 | AI score 6.7 | EPSS 0.00986
Exploits: 2 | References: 1

OSV
added 2022/11/02 8:15 p.m., 14 views

CVE-2022-3845

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 3

NVD
added 2022/11/02 8:15 p.m., 16 views

CVE-2022-3845

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...

CVSS 6.1 | EPSS 0.00525
Exploits: 0 | References: 3

Prion
added 2022/11/02 8:15 p.m., 13 views

Cross site scripting

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...

CVSS 5.8 | AI score 6.1 | EPSS 0.00525
Exploits: 0 | References: 3 | Affected software: 1

Vulnrichment
added 2022/11/02 12:00 a.m., 5 views

CVE-2022-3845 phpipam Import Preview import-load-data.php cross site scripting

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...

CVSS 2.4 | AI score 6.3 | EPSS 0.00525
Exploits: 0 | References: 3

CNNVD
added 2022/11/02 12:00 a.m., 3 views

phpIPAM cross-site scripting vulnerability

phpIPAM is an open source PHP and MySQL-based IP address management (IPAM) application. A security vulnerability exists in phpIPAM that stems from a cross-site scripting issue with unknown functionality in the app/admin/import-export/import-load-data.php file of the Import Preview Handler component...

CVSS 6.1 | AI score 6.5 | EPSS 0.00525
Exploits: 0 | References: 4

Cvelist
added 2022/11/02 12:00 a.m., 22 views

CVE-2022-3845 phpipam Import Preview import-load-data.php cross site scripting

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be...

CVSS 2.4 | AI score 6.6 | EPSS 0.00525
Exploits: 0 | References: 3

CVE
added 2022/11/02 12:00 a.m., 55 views

CVE-2022-3845

CVE-2022-3845 affects phpIPAM, specifically the Import Preview Handler. The vulnerability concerns an unknown functionality in the file app/admin/import-export/import-load-data.php which can be manipulated to trigger cross-site scripting (XSS). It is exploitable remotely and is tied to the phpIPA...

CVSS 6.1 | AI score 4.8 | EPSS 0.00525
Exploits: 0 | References: 3 | Affected software: 1

CNVD
added 2022/10/11 12:00 a.m., 25 views

phpIPAM header injection vulnerability

phpIPAM is an open source PHP and MySQL-based IP address management (IPAM) application. phpIPAM version 1.5.0 is vulnerable to header injection, which stems from a lack of validation of input data in component/admin/subnets/ripe-query.php, and can be exploited by attackers to cause header injection...

CVSS 9.8 | AI score 3.2 | EPSS 0.01079
Exploits: 1 | References: 1

OpenVAS
added 2022/10/04 12:00 a.m., 19 views

phpIPAM <= 1.5.2 SSRF Vulnerability

phpIPAM is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.8 | AI score 9.7 | EPSS 0.01079
Exploits: 1 | References: 1