Vulnerabilities > Phpipam

DATE CVE VULNERABILITY TITLE RISK
2020-05-20 CVE-2020-13225 Cross-site Scripting vulnerability in PHPipam 1.4
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
network
low complexity
phpipam CWE-79
4.8
2020-03-04 CVE-2020-7988 Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4.
network
low complexity
phpipam CWE-352
8.8
2019-09-22 CVE-2019-16696 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16695 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16694 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16693 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-09-22 CVE-2019-16692 SQL Injection vulnerability in PHPipam
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
network
low complexity
phpipam CWE-89
critical
9.8
2019-02-04 CVE-2019-1000010 Cross-site Scripting vulnerability in PHPipam
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser.
network
low complexity
phpipam CWE-79
6.1
2018-12-20 CVE-2018-1000870 Cross-site Scripting vulnerability in PHPipam
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser.
network
low complexity
phpipam CWE-79
5.4
2018-12-20 CVE-2018-1000869 SQL Injection vulnerability in PHPipam 1.3.2
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection..
network
low complexity
phpipam CWE-89
critical
9.8