Vulnerabilities > Phpipam

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2022-23046 SQL Injection vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
network
low complexity
phpipam CWE-89
7.2
2021-06-23 CVE-2021-35438 Cross-site Scripting vulnerability in PHPipam 1.4.3
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
network
low complexity
phpipam CWE-79
6.1
2020-05-20 CVE-2020-13225 Cross-site Scripting vulnerability in PHPipam 1.4
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
network
low complexity
phpipam CWE-79
4.8
2020-03-04 CVE-2020-7988 Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4.
network
low complexity
phpipam CWE-352
8.8
2019-09-22 CVE-2019-16696 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16695 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16694 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16693 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16692 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-02-04 CVE-2019-1000010 Cross-site Scripting vulnerability in PHPipam
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser.
network
low complexity
phpipam CWE-79
6.1