517 matches found
CVE-2024-41357
CVE-2024-41357 affects phpIPAM version 1.6, with a Cross Site Scripting (XSS) vulnerability in the /app/admin/powerDNS/record-edit.php endpoint. The issue is confirmed across multiple feeds (NVD, Red Hat advisories, OSV, Exploit-DB) and relates to untrusted input handling in that file. The availa...
The vulnerability of the /users/ad-search-result.php web application for phpipam allows a violator to disclose protected information.
The vulnerability of the /users/ad-search-result.php web application for managing IP addresses in phpipam exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
Design/Logic Flaw
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
CVE-2023-41580
PhpIPAM
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
PT-2023-7010 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.2 Description: The issue allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. This is possible due to a LDAP injection vulnerability via the dnam...
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...
CVE-2023-4965
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...
CVE-2023-4965
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...
Open redirect
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...
CVE-2023-4965
CVE-2023-4965 affects phpipam 1.5.1 via the Header Handler; manipulating the X-Forwarded-Host header leads to an open redirect, exploitable remotely and publicly disclosed (VDB-239732). Documented impact signals low to no confidentiality/integrity/availability effects, with no explicit patch/vers...
CVE-2023-4965 phpipam Header redirect
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...
CVE-2023-4965 phpipam Header redirect
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been...
phpIPAM Input Validation Error Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. An input validation error vulnerability exists in phpIPAM version 1.5.1, which stems from an open redirection issue with the parameter X-Forwarded-Host...
PT-2023-31278 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpipam version 1.5.1 Description: A vulnerability was found in the component Header Handler of phpipam. The manipulation of the argument X-Forwarded-Host leads to open redirect. This issue can be exploited remotely. Recommendations: For...
The vulnerability in the script of the web application for managing IP addresses, app/admin/custom-fields/edit-result.php, allows a violator to execute arbitrary SQL commands.
The vulnerability in the script app/admin/custom-fields/edit-result.php of the IP address management web application, developed with PHPIPAM, relates to the lack of measures taken to protect the SQL query structure during the processing of user fields with the parameter fieldType=set&fieldSize='1...
phpIPAM < 1.5.2 XSS Vulnerability
phpIPAM is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam";...