phpIPAM 1.4 Security Vulnerabilities
phpIPAM 1.4 contains a stored cross-site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2020-05-20
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2020-03-04
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVSS Score: 9.8
EPSS Score: 0.206
Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2019-09-22

