VYPR

Phpipam

by Phpipam


CVEs (53)

  • CVE-2023-41580 | High | Oct 2, 2023
    risk 0.00 | cvss 7.5 | epss 0.01

    Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.

  • CVE-2023-1212 | Medium | Mar 7, 2023
    risk 0.00 | cvss 4.8 | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.

  • CVE-2023-0677 | Medium | Feb 4, 2023
    risk 0.00 | cvss 6.1 | epss 0.00

    Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.

  • CVE-2023-0676 | Medium | Feb 4, 2023
    risk 0.00 | cvss 6.1 | epss 0.02

    Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.

  • CVE-2022-3845 | Low | Nov 2, 2022
    risk 0.00 | cvss 2.4 | epss 0.01

    A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting.…

  • CVE-2022-1225 | Medium | Apr 4, 2022
    risk 0.00 | cvss 6.5 | epss 0.01

    Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.

  • CVE-2022-1224 | Medium | Apr 4, 2022
    risk 0.00 | cvss 6.5 | epss 0.01

    Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.

  • CVE-2022-1223 | Medium | Apr 4, 2022
    risk 0.00 | cvss 6.5 | epss 0.01

    Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.

  • CVE-2021-46426 | Medium | Mar 25, 2022
    risk 0.00 | cvss 6.1 | epss 0.01

    phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.

  • CVE-2019-1000010 | Medium | Feb 4, 2019
    risk 0.00 | cvss 6.1 | epss 0.01

    phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in the victim's browser. This attack appears to be exploitable when a victim visits a link crafted by an attacker. This vulnerability appears…

  • CVE-2018-1000870 | Medium | Dec 20, 2018
    risk 0.00 | cvss 5.4 | epss 0.01

    phpIPAM version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable via an attacker changing the theme parameter in user settings. Admin (victim) views user in…

  • CVE-2018-1000869 | Critical | Dec 20, 2018
    risk 0.00 | cvss 9.8 | epss 0.02

    phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL injection. This attack appears to be exploitable via a rogue user exploiting the vulnerability to access information he/she does not have access to. This…

  • CVE-2015-6529 | Aug 20, 2015
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
