Vulnerabilities > Phpipam

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2022-23045 Cross-site Scripting vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings.
network
low complexity
phpipam CWE-79
4.8
2022-01-19 CVE-2022-23046 SQL Injection vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
network
low complexity
phpipam CWE-89
7.2
2021-06-23 CVE-2021-35438 Cross-site Scripting vulnerability in PHPipam 1.4.3
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
network
low complexity
phpipam CWE-79
6.1
2020-05-20 CVE-2020-13225 Cross-site Scripting vulnerability in PHPipam 1.4
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
network
low complexity
phpipam CWE-79
4.8
2020-03-04 CVE-2020-7988 Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4.
network
low complexity
phpipam CWE-352
8.8
2019-09-22 CVE-2019-16696 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16695 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16694 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16693 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16692 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8