Phpipam
by Phpipam
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41580 | | Hig | 0.00 | 7.5 | 0.01 | | Oct 2, 2023 | Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. |
| CVE-2023-1212 | | Med | 0.00 | 4.8 | 0.00 | | Mar 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. |
| CVE-2023-0677 | | Med | 0.00 | 6.1 | 0.00 | | Feb 4, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. |
| CVE-2023-0676 | | Med | 0.00 | 6.1 | 0.02 | | Feb 4, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. |
| CVE-2022-3845 | | Low | 0.00 | 2.4 | 0.01 | | Nov 2, 2022 | A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting.… |
| CVE-2022-1225 | | Med | 0.00 | 6.5 | 0.01 | | Apr 4, 2022 | Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. |
| CVE-2022-1224 | | Med | 0.00 | 6.5 | 0.01 | | Apr 4, 2022 | Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. |
| CVE-2022-1223 | | Med | 0.00 | 6.5 | 0.01 | | Apr 4, 2022 | Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. |
| CVE-2021-46426 | | Med | 0.00 | 6.1 | 0.01 | | Mar 25, 2022 | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. |
| CVE-2019-1000010 | | Med | 0.00 | 6.1 | 0.01 | | Feb 4, 2019 | phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears… |
| CVE-2018-1000870 | | Med | 0.00 | 5.4 | 0.01 | | Dec 20, 2018 | PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in… |
| CVE-2018-1000869 | | Cri | 0.00 | 9.8 | 0.02 | | Dec 20, 2018 | phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This… |
| CVE-2015-6529 | | | 0.00 | — | 0.02 | | Aug 20, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php. |