Shodan
Vulnerabilities
Vulnerable Software
Phpipam:  >> Phpipam  Security Vulnerabilities
CVE-2022-1225
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-04
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-03-25
CVE-2022-23045
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-01-19
CVE-2022-23046
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
CVSS Score
7.2
EPSS Score
0.511
Published
2022-01-19
CVE-2021-35438
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2020-13225
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-05-20
CVE-2020-7988
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-03-04
CVE-2019-16695
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-22
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-22
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVSS Score
9.8
EPSS Score
0.206
Published
2019-09-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved