CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Phpipam: >> Phpipam >> 1.4.4 Security Vulnerabilities

CVE-2021-46426

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.

CVSS Score

6.1

EPSS Score

0.005

Published

2022-03-25

CVE-2022-23045

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.

CVSS Score

4.8

EPSS Score

0.003

Published

2022-01-19

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php

CVSS Score

7.2

EPSS Score

0.511

Published

2022-01-19

Page 3

Vulnerabilities

Vulnerable Software

Phpipam: >> Phpipam >> 1.4.4 Security Vulnerabilities

Products

Pricing

Contact Us