The vulnerability of the app/admin/custom-fields/filter.php web application for managing IP addresses in phpipam allows a violator to execute arbitrary SQL queries.

The vulnerability of the app/admin/custom-fields/filter.php web application for managing IP addresses in phpipam relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

The vulnerability of the app/admin/custom-fields/edit-result.php web application for managing IP addresses in phpipam allows a violator to execute arbitrary SQL queries.

The vulnerability of the app/admin/custom-fields/edit-result.php web application for managing IP addresses via phpipam is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1

1.42.027-alt1 built Oct. 21, 2020 Alexey Shabalin in task 260176 Oct. 19, 2020 Alexey Shabalin - snapshot of 1.4 branch 0c66d2335a9dd13006c83ed64ae565a4a3cb7f0c - Update jQuery to address three CVE Vulnerabilities - Fixes: + CVE-2020-11022 + CVE-2020-11023 + CVE-2019-11358...

phpIPAM < 1.4.2 XSS Vulnerability

phpIPAM is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam";...

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

Cross site scripting

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

CVE-2020-13225

CVE-2020-13225 affects phpIPAM 1.4 and is a stored cross-site scripting (XSS) vulnerability in the Edit User Instructions field of the User Instructions widget. The issue arises from insufficient input validation, allowing injected scripts to be stored and potentially executed in the context of t...

phpIPAM cross-site scripting vulnerability (CNVD-2020-34452)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in phpIPAM version 1.4. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerabili...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

Cross site request forgery (csrf)

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVE-2020-7988

The vulnerability CVE-2020-7988 affects phpIPAM 1.4, where tools/pass-change/result.php is exploitable via CSRF to change passwords for any user/admin due to no requirement to supply the old password and absence of security tokens. This can lead to privilege escalation and access to additional da...

phpIPAM 1.4 - SQL Injection Vulnerability

Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net...

phpIPAM 1.4 - SQL Injection

phpIPAM 1.4 - SQL Injection !/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...

phpIPAM 1.4 SQL Injection

!/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...

phpIPAM 1.4 - SQL Injection

!/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...

Exploit for SQL Injection in Phpipam

CVE-2019-166...