CVE-2019-16694

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...

CVE-2019-16694

CVE-2019-16694 affects phpIPAM 1.4 and is an SQL injection vulnerability in the admin function: the table parameter of app/admin/custom-fields/edit-result.php when action=add is used. Multiple sources (NVD, OSV, RH) document this vulnerability and list it as high/critical risk (CVSS v3.1: 9.8, NE...

CVE-2019-16695

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...

CVE-2019-16695

CVE-2019-16695 affects phpIPAM 1.4, where SQL injection can be triggered via the app/admin/custom-fields/filter.php table parameter when action=add is used. The vulnerability is documented with high/critical impact (CVSS metrics: CVSSv3.1 base score 9.8; CVSSv2 base 7.5). Exploitation details, af...

CVE-2019-16696

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...

CVE-2019-16696

CVE-2019-16696 affects phpIPAM 1.4, where an SQL injection is possible via the app/admin/custom-fields/edit.php table parameter when action=add is used. The vulnerability is documented across multiple sources (NVD entry and Red Hat advisory) with a high/severe impact, including potential unauthor...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

Cross site scripting

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000010

Summary (CVE-2019-1000010): phpIPAM versions 1.3.2 and earlier contain a Cross Site Scripting (XSS) vulnerability in the subnet-scan-telnet.php component. The issue allows an attacker to craft a link that, when visited by a user, can execute code in the victim’s browser. The vulnerability’s impac...

phpIPAM < 1.4 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpipam cross-site scripting vulnerability (CNVD-2019-43860)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in the phpipamredirect cookie in PHPipam 1.3.2 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary code in a user's brows...

phpipam SQL injection vulnerability (CNVD-2019-43861)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A SQL injection vulnerability exists in the /app/admin/nat/item-add-submit.php file in PHPipam version 1.3.2. An attacker can exploit this vulnerability to obtain information...

phpipam cross-site scripting vulnerability (CNVD-2019-43862)

phpIPAM is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in the /app/admin/users/print-user.php file in PHPipam 1.3.2 and earlier versions. An attacker can exploit this vulnerability to execute code in a user's browser...

Cross site scripting

phpipam version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'alert1quqtl exploits an XSS vulnerability. that can...

Sql injection

phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to hav...

Design/Logic Flaw

PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. AdminVictim views user in admin-panel and gets...

CVE-2018-1000860

phpipam version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'alert1quqtl exploits an XSS vulnerability. that can...

CVE-2018-1000869

phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to hav...