Phpipam: >> Phpipam >> 1.5.0 Security Vulnerabilities
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-10-02
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-03-07
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-07
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVSS Score
2.4
EPSS Score
0.004
Published
2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-02-04
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVSS Score
7.5
EPSS Score
0.722
Published
2023-02-04
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-10-03
Page 2