Vulnerabilities > Phpipam

DATE CVE VULNERABILITY TITLE RISK
2023-02-04 CVE-2023-0678 Missing Authorization vulnerability in PHPipam
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
network
low complexity
phpipam CWE-862
5.3
2022-11-02 CVE-2022-3845 Cross-site Scripting vulnerability in PHPipam
A vulnerability has been found in phpipam and classified as problematic.
network
low complexity
phpipam CWE-79
6.1
2022-10-03 CVE-2022-41443 Improper Encoding or Escaping of Output vulnerability in PHPipam 1.5.0
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
network
low complexity
phpipam CWE-116
critical
9.8
2022-04-04 CVE-2022-1223 Incorrect Authorization vulnerability in PHPipam
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-863
6.5
2022-04-04 CVE-2022-1224 Incorrect Authorization vulnerability in PHPipam
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-863
6.5
2022-04-04 CVE-2022-1225 Incorrect Privilege Assignment vulnerability in PHPipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-266
6.5
2022-03-25 CVE-2021-46426 Cross-site Scripting vulnerability in PHPipam 1.4.4
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
network
low complexity
phpipam CWE-79
6.1
2022-01-19 CVE-2022-23045 Cross-site Scripting vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings.
network
low complexity
phpipam CWE-79
4.8
2022-01-19 CVE-2022-23046 SQL Injection vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
network
low complexity
phpipam CWE-89
7.2
2021-06-23 CVE-2021-35438 Cross-site Scripting vulnerability in PHPipam 1.4.3
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
network
low complexity
phpipam CWE-79
6.1