Vulnerabilities > Phpipam

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2022-1223 Incorrect Authorization vulnerability in PHPipam
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-863
6.5
2022-04-04 CVE-2022-1224 Incorrect Authorization vulnerability in PHPipam
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-863
4.0
2022-04-04 CVE-2022-1225 Incorrect Privilege Assignment vulnerability in PHPipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-266
4.0
2022-03-25 CVE-2021-46426 Unspecified vulnerability in PHPipam 1.4.4
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
network
phpipam
4.3
2022-01-19 CVE-2022-23045 Cross-site Scripting vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings.
network
phpipam CWE-79
3.5
2022-01-19 CVE-2022-23046 SQL Injection vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
network
low complexity
phpipam CWE-89
6.5
2021-06-23 CVE-2021-35438 Cross-site Scripting vulnerability in PHPipam 1.4.3
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
network
phpipam CWE-79
4.3
2020-05-20 CVE-2020-13225 Cross-site Scripting vulnerability in PHPipam 1.4
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
network
phpipam CWE-79
3.5
2020-03-04 CVE-2020-7988 Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4.
network
phpipam CWE-352
6.8
2019-09-22 CVE-2019-16696 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
7.5