Vulnerabilities for 'Phpipam'

2022-04-04
 
CVE-2022-1223

CWE-284
 

 
Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.

 
 
CVE-2022-1224

CWE-863
 

 
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.

 
 
CVE-2022-1225

CWE-266
 

 
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.

 
2022-03-25
 
CVE-2021-46426

CWE-79
 

 
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.

 
2022-01-19
 
CVE-2022-23045

CWE-79
 

 
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.

 
 
CVE-2022-23046

CWE-89
 

 
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php.

 
2021-06-23
 
CVE-2021-35438

CWE-79
 

 
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.

 
2020-05-20
 
CVE-2020-13225

CWE-79
 

 
phpIPAM 1.4 contains a stored cross-site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.

 
2020-03-04
 
CVE-2020-7988

CWE-352
 

 
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.

 
2019-09-22
 
CVE-2019-16696

CWE-89
 

 
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.

 


Copyright 2024, cxsecurity.com

 
