Vulnerabilities > Phpipam

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-19	CVE-2022-23045	Cross-site Scripting vulnerability in PHPipam 1.4.4 PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. network low complexity phpipam CWE-79	4.8
2022-01-19	CVE-2022-23046	SQL Injection vulnerability in PHPipam 1.4.4 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php network low complexity phpipam CWE-89	7.2
2021-06-23	CVE-2021-35438	Cross-site Scripting vulnerability in PHPipam 1.4.3 phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. network low complexity phpipam CWE-79	6.1
2020-05-20	CVE-2020-13225	Cross-site Scripting vulnerability in PHPipam 1.4 phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. network low complexity phpipam CWE-79	4.8
2020-03-04	CVE-2020-7988	Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4 An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. network low complexity phpipam CWE-352	8.8
2019-09-22	CVE-2019-16696	SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. network low complexity phpipam CWE-89 critical	9.8
2019-09-22	CVE-2019-16695	SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. network low complexity phpipam CWE-89 critical	9.8
2019-09-22	CVE-2019-16694	SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. network low complexity phpipam CWE-89 critical	9.8
2019-09-22	CVE-2019-16693	SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. network low complexity phpipam CWE-89 critical	9.8
2019-09-22	CVE-2019-16692	SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. network low complexity phpipam CWE-89 critical	9.8

Vulnerabilities > Phpipam {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpipam"}]}

Vulnerabilities > Phpipam