Vulnerabilities > Phpipam > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-1225 | Incorrect Privilege Assignment vulnerability in PHPipam Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. | 4.0 |
| 2022-03-25 | CVE-2021-46426 | Unspecified vulnerability in PHPipam 1.4.4 phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. network phpipam | 4.3 |
| 2022-01-19 | CVE-2022-23046 | SQL Injection vulnerability in PHPipam 1.4.4 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | 6.5 |
| 2021-06-23 | CVE-2021-35438 | Cross-site Scripting vulnerability in PHPipam 1.4.3 phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | 4.3 |
| 2020-03-04 | CVE-2020-7988 | Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4 An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. | 6.8 |
| 2019-02-04 | CVE-2019-1000010 | Cross-site Scripting vulnerability in PHPipam phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. | 4.3 |
| 2018-04-24 | CVE-2018-10329 | Cross-site Scripting vulnerability in PHPipam 1.3.1 app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. | 4.3 |
| 2017-03-05 | CVE-2017-6481 | Cross-site Scripting vulnerability in PHPipam Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. | 4.3 |
| 2015-08-20 | CVE-2015-6529 | Cross-site Scripting vulnerability in PHPipam 1.1.010 Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php. | 4.3 |