Vulnerabilities > Phpipam > Phpipam > 1.4.4

DATE CVE VULNERABILITY TITLE RISK
2023-10-02 CVE-2023-41580 Injection vulnerability in PHPipam
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php.
network
low complexity
phpipam CWE-74
7.5
2023-03-07 CVE-2023-1211 SQL Injection vulnerability in PHPipam
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
network
low complexity
phpipam CWE-89
7.2
2023-03-07 CVE-2023-1212 Cross-site Scripting vulnerability in PHPipam
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
network
low complexity
phpipam CWE-79
4.8
2023-02-04 CVE-2023-0676 Cross-site Scripting vulnerability in PHPipam
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
network
low complexity
phpipam CWE-79
6.1
2023-02-04 CVE-2023-0677 Cross-site Scripting vulnerability in PHPipam
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
network
low complexity
phpipam CWE-79
6.1
2023-02-04 CVE-2023-0678 Missing Authorization vulnerability in PHPipam
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
network
low complexity
phpipam CWE-862
5.3
2022-11-02 CVE-2022-3845 Cross-site Scripting vulnerability in PHPipam
A vulnerability has been found in phpipam and classified as problematic.
network
low complexity
phpipam CWE-79
6.1
2022-04-04 CVE-2022-1223 Incorrect Authorization vulnerability in PHPipam
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
network
low complexity
phpipam CWE-863
6.5
2022-03-25 CVE-2021-46426 Unspecified vulnerability in PHPipam 1.4.4
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
network
phpipam
4.3
2022-01-19 CVE-2022-23045 Cross-site Scripting vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings.
network
phpipam CWE-79
3.5