Vulnerabilities > Phpipam
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2022-23046 | SQL Injection vulnerability in PHPipam 1.4.4 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | 7.2 |
| 2021-06-23 | CVE-2021-35438 | Cross-site Scripting vulnerability in PHPipam 1.4.3 phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | 6.1 |
| 2020-05-20 | CVE-2020-13225 | Cross-site Scripting vulnerability in PHPipam 1.4 phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. | 4.8 |
| 2020-03-04 | CVE-2020-7988 | Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4 An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. | 8.8 |
| 2019-09-22 | CVE-2019-16696 | SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | 9.8 |
| 2019-09-22 | CVE-2019-16695 | SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | 9.8 |
| 2019-09-22 | CVE-2019-16694 | SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | 9.8 |
| 2019-09-22 | CVE-2019-16693 | SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | 9.8 |
| 2019-09-22 | CVE-2019-16692 | SQL Injection vulnerability in PHPipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | 9.8 |
| 2019-02-04 | CVE-2019-1000010 | Cross-site Scripting vulnerability in PHPipam phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. | 6.1 |