Vulnerabilites related to phpIPAM - phpIPAM
Vulnerability from fkie_nvd
Published
2022-04-04 11:15
Modified
2024-11-21 06:40
Severity ?
Summary
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "18904167-103A-48E2-A8A6-075986A292B9", versionEndExcluding: "1.4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.", }, { lang: "es", value: "Una Autorización Inapropiada en el repositorio de GitHub phpipam/phpipam versiones anteriores a 1.4.6", }, ], id: "CVE-2022-1224", lastModified: "2024-11-21T06:40:17.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-04T11:15:08.067", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-04 11:15
Modified
2024-11-21 06:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "18904167-103A-48E2-A8A6-075986A292B9", versionEndExcluding: "1.4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.\n\n", }, { lang: "es", value: "Un Control de acceso Inapropiado en el repositorio de GitHub phpipam/phpipam versiones anteriores a 1.4.6", }, ], id: "CVE-2022-1223", lastModified: "2024-11-21T06:40:17.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-04T11:15:08.000", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-19 21:15
Modified
2024-11-21 06:47
Severity ?
Summary
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
References
| ▼ | URL | Tags | |
|---|---|---|---|
| help@fluidattacks.com | http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| help@fluidattacks.com | https://fluidattacks.com/advisories/mercury/ | Exploit, Third Party Advisory | |
| help@fluidattacks.com | https://github.com/phpipam/phpipam/releases/tag/v1.4.5 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/mercury/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/releases/tag/v1.4.5 | Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "8740D50B-34B1-44D3-B6CF-93047F04D587", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the \"subnet\" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php", }, { lang: "es", value: "PhpIPAM versión v1.4.4, permite a un usuario administrador autenticado inyectar sentencias SQL en el parámetro \"subnet\" mientras busca una subred por medio del archivo app/admin/routing/edit-bgp-mapping-search.php", }, ], id: "CVE-2022-23046", lastModified: "2024-11-21T06:47:52.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-19T21:15:09.120", references: [ { source: "help@fluidattacks.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html", }, { source: "help@fluidattacks.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://fluidattacks.com/advisories/mercury/", }, { source: "help@fluidattacks.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://fluidattacks.com/advisories/mercury/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, ], sourceIdentifier: "help@fluidattacks.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-08 06:15
Modified
2025-03-05 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/3738 | Exploit, Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/3738 | Exploit, Issue Tracking, Patch |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.6:*:*:*:*:*:*:*", matchCriteriaId: "76AB84E7-3B77-4A35-B047-7DE3D2D77950", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.", }, ], id: "CVE-2023-24657", lastModified: "2025-03-05T19:15:29.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-08T06:15:44.490", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/phpipam/phpipam/issues/3738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/phpipam/phpipam/issues/3738", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-07 00:15
Modified
2024-11-21 07:38
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "46DA6678-DF2A-4E72-8CC6-C70CA607810B", versionEndExcluding: "1.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.", }, ], id: "CVE-2023-1212", lastModified: "2024-11-21T07:38:40.797", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-07T00:15:09.300", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-05 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "8C1A0507-AFF1-40E0-A9EE-8F90BFF51833", versionEndIncluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.", }, { lang: "es", value: "Múltiples problemas de XSS han sido descubiertos en phpipam 1.2. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario a varias páginas (instrucciones en app/admin/instructions/preview.php; subnetId en app/admin/powerDNS/refresh-ptr-records.php). Un atacante podría ejecutar código HTML y scrip arbitrario en el navegador en el contexto del sitio web vulnerable.", }, ], id: "CVE-2017-6481", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-05T20:59:00.307", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96573", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/phpipam/phpipam/issues/992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/phpipam/phpipam/issues/992", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-21 21:29
Modified
2024-11-21 03:14
Severity ?
Summary
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/1521 | Third Party Advisory | |
| cve@mitre.org | https://github.com/phpipam/phpipam/releases/tag/1.3.1 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/1521 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/releases/tag/1.3.1 | Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "D438BFDC-ED6C-4E18-A5A1-A8ADA73120AA", versionEndExcluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.", }, { lang: "es", value: "app/sections/user-menu.php en phpIPAM, en versiones anteriores a la 1.3.1 tiene Cross-Site Scripting (XSS) mediante el parámetro ip.", }, ], id: "CVE-2017-15640", lastModified: "2024-11-21T03:14:56.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-21T21:29:00.227", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/1521", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/1.3.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/1521", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/1.3.1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-04 11:15
Modified
2024-11-21 06:40
Severity ?
Summary
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "18904167-103A-48E2-A8A6-075986A292B9", versionEndExcluding: "1.4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.", }, { lang: "es", value: "Una Asignación Incorrecta de Privilegios en el repositorio de GitHub phpipam/phpipam versiones anteriores a 1.4.6", }, ], id: "CVE-2022-1225", lastModified: "2024-11-21T06:40:17.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-04T11:15:08.123", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-20 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.1.010:*:*:*:*:*:*:*", matchCriteriaId: "5AED069C-E4FD-4976-BDA7-A0BA3FF45F7E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de XSS en phpipam 1.1.010, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro section de site/error.php o (2) el parámetro ip de site/tools/searchResults.php.", }, ], id: "CVE-2015-6529", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-08-20T20:59:02.850", references: [ { source: "cve@mitre.org", url: "http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/536188/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/536188/100/0/threaded", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-19 21:15
Modified
2024-11-21 06:47
Severity ?
Summary
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| help@fluidattacks.com | https://fluidattacks.com/advisories/osbourne/ | Exploit, Third Party Advisory | |
| help@fluidattacks.com | https://github.com/phpipam/phpipam/releases/tag/v1.4.5 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/osbourne/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/releases/tag/v1.4.5 | Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "8740D50B-34B1-44D3-B6CF-93047F04D587", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site title\" parameter while updating the site settings. The \"Site title\" setting is injected in several locations which triggers the XSS.", }, { lang: "es", value: "PhpIPAM versión v1.4.4, permite a un usuario administrador autenticado inyectar código JavaScript persistente dentro del parámetro \"Site title\" mientras es actualizada la configuración del sitio. El parámetro \"Site title\" es inyectado en varias ubicaciones que desencadenan el ataque de tipo XSS", }, ], id: "CVE-2022-23045", lastModified: "2024-11-21T06:47:52.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-19T21:15:09.077", references: [ { source: "help@fluidattacks.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://fluidattacks.com/advisories/osbourne/", }, { source: "help@fluidattacks.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://fluidattacks.com/advisories/osbourne/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, ], sourceIdentifier: "help@fluidattacks.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:17
Severity ?
Summary
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2327 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2327 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "263E5E1B-4833-43F0-B563-30ADE0F25EE0", versionEndIncluding: "1.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.", }, { lang: "es", value: "phpIPAM, en versiones 1.3.2 y anteriores, contiene una vulnerabilidad de Cross-Site Scripting (XSS) en subnet-scan-telnet.php que puede resultar en la ejecución de código en el navegador de la víctima. Este ataque parece ser explotable mediante una víctima que visita un enlace manipulado por un atacante. La vulnerabilidad parece haber sido solucionada en la versión 1.4.", }, ], id: "CVE-2019-1000010", lastModified: "2024-11-21T04:17:40.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-04T21:29:01.003", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2327", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-15 11:15
Modified
2024-11-19 15:53
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "896B6AA4-8068-41F4-ACD4-92893E5BB0AD", versionEndExcluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.", }, { lang: "es", value: "La versión 1.5.1 de phpIPAM contiene una vulnerabilidad que permite a un atacante eludir el mecanismo de bloqueo de direcciones IP para obtener por fuerza bruta las contraseñas de los usuarios mediante el encabezado 'X-Forwarded-For'. El problema se encuentra en la función 'get_user_ip()' de 'class.Common.php' en las líneas 1044 y 1045, donde se comprueba la presencia del encabezado 'X-Forwarded-For' y se utiliza en lugar de 'REMOTE_ADDR'. Esta vulnerabilidad permite a los atacantes realizar ataques por fuerza bruta en las cuentas de usuario, incluida la cuenta de administrador. El problema se ha corregido en la versión 1.7.0.", }, ], id: "CVE-2024-0787", lastModified: "2024-11-19T15:53:59.093", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-15T11:15:09.213", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-22 15:15
Modified
2024-11-21 04:30
Severity ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html | ||
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "5CE82745-8135-4737-967A-BCFE1EBF5353", versionEndIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.", }, { lang: "es", value: "phpIPAM versión 1.4, permite una inyección SQL por medio del parámetro table del archivo app/admin/custom-fields/filter-result.php cuando es usado action=add.", }, ], id: "CVE-2019-16692", lastModified: "2024-11-21T04:30:59.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-22T15:15:13.827", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-23 15:15
Modified
2024-11-21 06:12
Severity ?
Summary
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/3351 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/3351 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "7DBADC84-B58D-4CEE-94CC-431A4833DA9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.", }, { lang: "es", value: "phpIPAM versión 1.4.3, permite un ataque de tipo XSS reflejado por medio de los archivos app/dashboard/widgets/ipcalc-result.php y app/tools/ip-calculator/result.php de la calculadora de IP", }, ], id: "CVE-2021-35438", lastModified: "2024-11-21T06:12:18.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-23T15:15:08.627", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/3351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/3351", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-04 13:15
Modified
2024-11-21 07:37
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "6E6C6452-C85E-4BF3-B06C-1F81BB54FC5C", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.", }, ], id: "CVE-2023-0677", lastModified: "2024-11-21T07:37:36.633", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-04T13:15:12.633", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-04 13:15
Modified
2024-11-21 07:37
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "6E6C6452-C85E-4BF3-B06C-1F81BB54FC5C", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.", }, ], id: "CVE-2023-0676", lastModified: "2024-11-21T07:37:36.503", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-04T13:15:12.147", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 13:15
Modified
2024-11-21 08:21
Severity ?
Summary
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "46DA6678-DF2A-4E72-8CC6-C70CA607810B", versionEndExcluding: "1.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.", }, { lang: "es", value: "Se descubrió que Phpipam anterior a v1.5.2 contenía una vulnerabilidad de inyección LDAP a través del parámetro dname en /users/ad-search-result.php. Esta vulnerabilidad permite a los atacantes enumerar campos arbitrarios en el servidor LDAP y acceder a datos confidenciales mediante una solicitud POST manipulada.", }, ], id: "CVE-2023-41580", lastModified: "2024-11-21T08:21:19.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-02T13:15:09.797", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ehtec/phpipam-exploit", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ehtec/phpipam-exploit", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-15 11:15
Modified
2024-11-19 15:30
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "423B42AB-F118-4DFE-89ED-2480875972AE", versionEndExcluding: "1.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.", }, { lang: "es", value: "Una vulnerabilidad de Cross-Site Scripting (XSS) en las versiones de phpipam/phpipam anteriores a la 1.4.7 permite a los atacantes ejecutar código JavaScript arbitrario en el navegador de una víctima. Esta vulnerabilidad afecta a la función de importación de conjuntos de datos mediante la carga de un archivo de hoja de cálculo. Los endpoints afectados incluyen import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php e import-l2dom-preview.php. La vulnerabilidad se puede explotar cargando un archivo de hoja de cálculo especialmente manipulado que contenga payloads de JavaScript maliciosaos, que luego se ejecutan en el contexto del navegador de la víctima. Esto puede provocar la desfiguración de sitios web, la ejecución de código JavaScript malicioso, el robo de cookies de usuario y el acceso no autorizado a las cuentas de usuario.", }, ], id: "CVE-2022-1226", lastModified: "2024-11-19T15:30:53.477", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-15T11:15:07.527", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/50e36b9e4fff5eaa51dc6e42bc684748da378002", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/3fdcf653-fe26-4592-94a1-98ce664618ec", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-02 20:15
Modified
2024-11-21 07:20
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc | Patch, Third Party Advisory | |
| cna@vuldb.com | https://github.com/phpipam/phpipam/releases/tag/v1.5.0 | Release Notes, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.212863 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/releases/tag/v1.5.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.212863 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "B04A9209-158A-44F9-AD2B-3FA87901A478", versionEndExcluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en phpipam y clasificada como problemática. Una función desconocida del archivo app/admin/import-export/import-load-data.php del componente Import Preview Handler es afectada por esta vulnerabilidad. La manipulación conduce a Cross-Site Scripting (XSS). El ataque se puede lanzar de forma remota. La actualización a la versión 1.5.0 puede solucionar este problema. El nombre del parche es 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-212863.", }, ], id: "CVE-2022-3845", lastModified: "2024-11-21T07:20:21.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-02T20:15:11.537", references: [ { source: "cna@vuldb.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc", }, { source: "cna@vuldb.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.5.0", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.212863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.5.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.212863", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-707", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-22 15:15
Modified
2024-11-21 04:31
Severity ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "5CE82745-8135-4737-967A-BCFE1EBF5353", versionEndIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.", }, { lang: "es", value: "phpIPAM versión 1.4, permite una inyección SQL por medio del parámetro table del archivo app/admin/custom-fields/edit.php cuando es usado action=add.", }, ], id: "CVE-2019-16696", lastModified: "2024-11-21T04:31:00.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-22T15:15:14.077", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-29 20:15
Modified
2025-04-16 14:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.6:*:*:*:*:*:*:*", matchCriteriaId: "76AB84E7-3B77-4A35-B047-7DE3D2D77950", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\\admin\\import-export\\import-load-data.php.", }, { lang: "es", value: "phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a través de app\\admin\\import-export\\import-load-data.php.", }, ], id: "CVE-2024-41358", lastModified: "2025-04-16T14:15:22.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-29T20:15:08.873", references: [ { source: "cve@mitre.org", url: "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41358.md", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/phpipam/phpipam/issues/4148", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-07 00:15
Modified
2024-11-21 07:38
Severity ?
Summary
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "46DA6678-DF2A-4E72-8CC6-C70CA607810B", versionEndExcluding: "1.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.", }, ], id: "CVE-2023-1211", lastModified: "2024-11-21T07:38:40.673", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-07T00:15:09.220", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-22 15:15
Modified
2025-04-16 15:15
Severity ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2019-16693.md | ||
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "5CE82745-8135-4737-967A-BCFE1EBF5353", versionEndIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.", }, { lang: "es", value: "phpIPAM versión 1.4, permite una inyección SQL por medio del parámetro table del archivo app/admin/custom-fields/order.php cuando es usado action=add.", }, ], id: "CVE-2019-16693", lastModified: "2025-04-16T15:15:44.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-22T15:15:13.890", references: [ { source: "cve@mitre.org", url: "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2019-16693.md", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2338 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2338 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "263E5E1B-4833-43F0-B563-30ADE0F25EE0", versionEndIncluding: "1.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..", }, { lang: "es", value: "phpipam, en versiones 1.3.2 y anteriores, contiene una vulnerabilidad Cross-Site Scripting (XSS). El valor de la cookie phpipamredirect se copia en una etiqueta HTML en la página de inicio de sesión encapsulada entre comillas simples. Editar el valor de la cookie r5zkh'>quqtl explota una vulnerabilidad Cross-Site Scripting (XSS) que puede resultar en la ejecución de código arbitrario en el navegador de la víctima. Este ataque debe encadenarse con otro exploit que permita al atacante configurar o modificar una cookie para el dominio de la instancia phpIPAM.", }, ], id: "CVE-2018-1000860", lastModified: "2024-11-21T03:40:30.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-20T17:29:00.517", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2338", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-25 16:15
Modified
2024-11-21 06:34
Severity ?
Summary
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "8740D50B-34B1-44D3-B6CF-93047F04D587", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.", }, { lang: "es", value: "phpIPAM versión 1.4.4 permite un ataque de tipo XSS reflejado y de tipo CSRF por medio de el archivo app/admin/subnets/find_free_section_subnets.php de la funcionalidad subnets", }, ], id: "CVE-2021-46426", lastModified: "2024-11-21T06:34:03.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-25T16:15:09.363", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/43", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/phpipam", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://www.tempest.com.br", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/43", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/phpipam", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.tempest.com.br", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-04-01 20:35
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "94A1B7BC-541E-4793-ABCF-B38C69F6EA6B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0.", }, { lang: "es", value: "Se descubrió una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en phpipam/phpipam versión 1.5.2. Esta vulnerabilidad permite a un atacante inyectar scripts maliciosos en la aplicación, que pueden ejecutarse en el contexto de otros usuarios que visitan la página afectada. El problema ocurre en la página de opciones de circuitos (https://demo.phpipam.net/tools/circuits/options/). Un atacante puede explotar esta vulnerabilidad para robar cookies, obtener acceso no autorizado a cuentas de usuario o redirigir a usuarios a sitios web maliciosos. La vulnerabilidad se ha corregido en la versión 1.7.0.", }, ], id: "CVE-2024-10721", lastModified: "2025-04-01T20:35:45.840", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-20T10:15:19.020", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731", }, { source: "security@huntr.dev", tags: [ "Exploit", ], url: "https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", ], url: "https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2344 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2344 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8C72849A-ACD1-453F-87A1-FE3A28E84D11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.", }, { lang: "es", value: "phpIPAM 1.3.2 contiene una vulnerabilidad CWE-89 en /app/admin/nat/item-add-submit.php que puede resultar en una inyección SQL. El ataque parece ser explotable mediante un usuario malicioso que explote la vulnerabilidad para acceder a información a la que no puede acceder. La vulnerabilidad parece haber sido solucionada en la versión 1.4.", }, ], id: "CVE-2018-1000869", lastModified: "2024-11-21T03:40:32.327", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-20T17:29:00.737", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2344", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2344", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-04 13:15
Modified
2024-11-21 07:37
Severity ?
Summary
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "6E6C6452-C85E-4BF3-B06C-1F81BB54FC5C", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.", }, ], id: "CVE-2023-0678", lastModified: "2024-11-21T07:37:36.750", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-04T13:15:12.713", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-03 16:15
Modified
2024-11-21 07:23
Severity ?
Summary
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "6450C86E-E3DE-47FB-A6E4-4E101E4BC56F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.", }, { lang: "es", value: "Se ha detectado que phpipam versión v1.5.0, contiene una vulnerabilidad de inyección de encabezado por medio del componente /admin/subnets/ripe-query.php", }, ], id: "CVE-2022-41443", lastModified: "2024-11-21T07:23:14.637", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-03T16:15:13.937", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-22 15:15
Modified
2024-11-21 04:30
Severity ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "5CE82745-8135-4737-967A-BCFE1EBF5353", versionEndIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.", }, { lang: "es", value: "phpIPAM versión 1.4, permite una inyección SQL por medio del parámetro table del archivo app/admin/custom-fields/edit-result.php cuando es usado action=add.", }, ], id: "CVE-2019-16694", lastModified: "2024-11-21T04:30:59.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-22T15:15:13.953", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-14 20:15
Modified
2024-11-21 08:36
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md | Exploit, Vendor Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.239732 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.239732 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.239732 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.239732 | Permissions Required, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "44568465-4A70-496E-A435-AC8928B323E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.", }, { lang: "es", value: "Se encontró una vulnerabilidad en phpipam 1.5.1. Ha sido calificado como problemático. Una función desconocida del componente Header Handler es afectada por esta vulnerabilidad. La manipulación del argumento X-Forwarded-Host conduce a una redirección abierta. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-239732.", }, ], id: "CVE-2023-4965", lastModified: "2024-11-21T08:36:21.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "MULTIPLE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:M/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-14T20:15:12.880", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.239732", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?id.239732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.239732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?id.239732", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2326 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2326 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "263E5E1B-4833-43F0-B563-30ADE0F25EE0", versionEndIncluding: "1.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.", }, { lang: "es", value: "PHPipam, en versiones 1.3.2 y anteriores, contiene una vulnerabilidad CWE-79 en /app/admin/users/print-user.php que puede resultar en la ejecución de código en el navegador de la víctima. El ataque parece ser explotable mediante un atacante que cambie el parámetro theme en las opciones de usuario. El administrador (víctima) visualiza al usuario en el panel de control y la vulnerabilidad es explotada. La vulnerabilidad parece haber sido solucionada en la versión 1.4.", }, ], id: "CVE-2018-1000870", lastModified: "2024-11-21T03:40:32.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-20T17:29:00.783", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2326", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-20 04:15
Modified
2024-11-21 05:00
Severity ?
Summary
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/3025 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=SpFmM03Jl40 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/3025 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=SpFmM03Jl40 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.4:*:*:*:*:*:*:*", matchCriteriaId: "3B073F95-66BA-4D4E-888F-51DC1B2B834A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.", }, { lang: "es", value: "phpIPAM versión 1.4, contiene una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el campo Edit User Instructions del widget User Instructions.", }, ], id: "CVE-2020-13225", lastModified: "2024-11-21T05:00:50.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-20T04:15:10.427", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/3025", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.youtube.com/watch?v=SpFmM03Jl40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/3025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.youtube.com/watch?v=SpFmM03Jl40", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-04 17:15
Modified
2024-11-21 05:38
Severity ?
Summary
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pastebin.com/ZPECbgZb | Exploit, Third Party Advisory | |
| cve@mitre.org | https://phpipam.net/news/phpipam-v1-5-released/ | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/ZPECbgZb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://phpipam.net/news/phpipam-v1-5-released/ | Broken Link, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.4:*:*:*:*:*:*:*", matchCriteriaId: "3B073F95-66BA-4D4E-888F-51DC1B2B834A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.", }, { lang: "es", value: "Se detectó un problema en el archivo tools/pass-change/result.php en phpIPAM versión 1.4., un ataque de tipo CSRF puede ser usado para cambiar la contraseña de cualquier usuario/administrador, para escalar privilegios y para conseguir acceso a más datos y funcionalidad. Este problema se presenta debido a la falta de un requerimiento para proveer la antigua contraseña y a la falta de tokens de seguridad.", }, ], id: "CVE-2020-7988", lastModified: "2024-11-21T05:38:08.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-04T17:15:11.830", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://pastebin.com/ZPECbgZb", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Vendor Advisory", ], url: "https://phpipam.net/news/phpipam-v1-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://pastebin.com/ZPECbgZb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Vendor Advisory", ], url: "https://phpipam.net/news/phpipam-v1-5-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-22 15:15
Modified
2024-11-21 04:30
Severity ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/2738 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "5CE82745-8135-4737-967A-BCFE1EBF5353", versionEndIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.", }, { lang: "es", value: "phpIPAM versión 1.4, permite una inyección SQL por medio del parámetro table del archivo app/admin/custom-fields/filter.php cuando es usado action=add.", }, ], id: "CVE-2019-16695", lastModified: "2024-11-21T04:30:59.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-22T15:15:14.017", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-04-01 20:35
Severity ?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC3A383-0A9F-4B31-89F0-4DCDE1657A97", versionEndIncluding: "1.6", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.", }, { lang: "es", value: "Existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en phpipam/phpipam, versiones 1.5.0 a 1.6.0. Esta vulnerabilidad surge cuando la aplicación recibe datos en una solicitud HTTP y los incluye en la respuesta inmediata de forma insegura. Esto permite a un atacante ejecutar JavaScript arbitrario en el contexto del navegador del usuario, lo que podría comprometer su seguridad.", }, ], id: "CVE-2024-10727", lastModified: "2025-04-01T20:35:36.647", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-20T10:15:19.633", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731", }, { source: "security@huntr.dev", tags: [ "Exploit", ], url: "https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", ], url: "https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-24 06:29
Modified
2024-11-21 03:41
Severity ?
Summary
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phpipam/phpipam/issues/1903 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phpipam/phpipam/issues/1903 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "11F2E39D-A092-4E6F-B0A0-AF9D0682D1F6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.", }, { lang: "es", value: "app/tools/mac-lookup/index.php en phpIPAM 1.3.1 tiene Cross-Site Scripting (XSS) reflejado en /tools/mac-lookup/ mediante el parámetro mac.", }, ], id: "CVE-2018-10329", lastModified: "2024-11-21T03:41:14.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-24T06:29:00.677", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/1903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/phpipam/phpipam/issues/1903", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-35438
Vulnerability from cvelistv5
Published
2021-06-23 14:20
Modified
2024-08-04 00:40
Severity ?
EPSS score ?
Summary
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/3351 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:40:45.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/3351", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-23T14:20:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/3351", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-35438", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/3351", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/3351", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-35438", datePublished: "2021-06-23T14:20:08", dateReserved: "2021-06-23T00:00:00", dateUpdated: "2024-08-04T00:40:45.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1223
Vulnerability from cvelistv5
Published
2022-04-04 10:45
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | x_refsource_MISC | |
| https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:55:24.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.</p>", }, ], value: "Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-02T08:42:02.920Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", }, ], source: { advisory: "baec4c23-2466-4b13-b3c0-eaf1d000d4ab", discovery: "EXTERNAL", }, title: "Incorrect Authorization in phpipam/phpipam", x_generator: { engine: "Vulnogram 0.1.0-dev", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@huntr.dev", ID: "CVE-2022-1223", STATE: "PUBLIC", TITLE: "Improper Access Control in phpipam/phpipam", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "phpipam/phpipam", version: { version_data: [ { version_affected: "<", version_value: "1.4.6", }, ], }, }, ], }, vendor_name: "phpipam", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284 Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { name: "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", refsource: "CONFIRM", url: "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", }, ], }, source: { advisory: "baec4c23-2466-4b13-b3c0-eaf1d000d4ab", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-1223", datePublished: "2022-04-04T10:45:20", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-02T23:55:24.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23046
Vulnerability from cvelistv5
Published
2022-01-19 20:38
Modified
2024-08-03 03:28
Severity ?
EPSS score ?
Summary
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
References
| ▼ | URL | Tags |
|---|---|---|
| https://fluidattacks.com/advisories/mercury/ | x_refsource_MISC | |
| https://github.com/phpipam/phpipam/releases/tag/v1.4.5 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:28:42.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://fluidattacks.com/advisories/mercury/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "PhpIPAM", vendor: "n/a", versions: [ { status: "affected", version: "1.4.4", }, ], }, ], descriptions: [ { lang: "en", value: "PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the \"subnet\" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php", }, ], problemTypes: [ { descriptions: [ { description: "SQL injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-25T17:06:11", orgId: "84fe0718-d6bb-4716-a7e8-81a6d1daa869", shortName: "Fluid Attacks", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://fluidattacks.com/advisories/mercury/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "help@fluidattacks.com", ID: "CVE-2022-23046", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "PhpIPAM", version: { version_data: [ { version_value: "1.4.4", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the \"subnet\" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "SQL injection", }, ], }, ], }, references: { reference_data: [ { name: "https://fluidattacks.com/advisories/mercury/", refsource: "MISC", url: "https://fluidattacks.com/advisories/mercury/", }, { name: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", refsource: "MISC", url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { name: "http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "84fe0718-d6bb-4716-a7e8-81a6d1daa869", assignerShortName: "Fluid Attacks", cveId: "CVE-2022-23046", datePublished: "2022-01-19T20:38:56", dateReserved: "2022-01-10T00:00:00", dateUpdated: "2024-08-03T03:28:42.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10721
Vulnerability from cvelistv5
Published
2025-03-20 10:11
Modified
2025-03-20 13:35
Severity ?
EPSS score ?
Summary
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.7.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10721", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T13:35:00.618607Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T13:35:03.620Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.7.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuits/options/). An attacker can exploit this vulnerability to steal cookies, gain unauthorized access to user accounts, or redirect users to malicious websites. The vulnerability has been fixed in version 1.7.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:11:07.493Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/a440a003-84c9-47b5-bfbd-675564abe3d8", }, { url: "https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731", }, ], source: { advisory: "a440a003-84c9-47b5-bfbd-675564abe3d8", discovery: "EXTERNAL", }, title: "Store XSS in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-10721", datePublished: "2025-03-20T10:11:07.493Z", dateReserved: "2024-11-01T23:19:03.595Z", dateUpdated: "2025-03-20T13:35:03.620Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1000010
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2327 | x_refsource_MISC | |
| https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:00:19.418Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2327", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2019-01-22T00:00:00", datePublic: "2019-02-04T00:00:00", descriptions: [ { lang: "en", value: "phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-04T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2327", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2019-01-22T21:21:10.018967", DATE_REQUESTED: "2019-01-15T04:36:09", ID: "CVE-2019-1000010", REQUESTER: "oscar@sakerhetskontoret.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2327", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2327", }, { name: "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-1000010", datePublished: "2019-02-04T21:00:00", dateReserved: "2019-01-15T00:00:00", dateUpdated: "2024-08-05T03:00:19.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0787
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 19:09
Severity ?
EPSS score ?
Summary
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.7.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "phpipam", vendor: "phpipam", versions: [ { lessThan: "1.70", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-0787", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T19:08:12.245566Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T19:09:48.262Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.7.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307 Improper Restriction of Excessive Authentication Attempts", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T10:57:05.410Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab", }, { url: "https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5", }, ], source: { advisory: "840cb582-1feb-43ab-9cc4-e4b5a63c5bab", discovery: "EXTERNAL", }, title: "Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-0787", datePublished: "2024-11-15T10:57:05.410Z", dateReserved: "2024-01-22T17:00:17.923Z", dateUpdated: "2024-11-15T19:09:48.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0677
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2025-03-26 14:45
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < v1.5.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0677", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T14:45:26.216286Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-26T14:45:44.235Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "v1.5.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-04T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0", }, { url: "https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89", }, ], source: { advisory: "d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Reflected in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0677", datePublished: "2023-02-04T00:00:00.000Z", dateReserved: "2023-02-04T00:00:00.000Z", dateUpdated: "2025-03-26T14:45:44.235Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4965
Vulnerability from cvelistv5
Published
2023-09-14 20:00
Modified
2024-08-02 07:44
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.239732 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.239732 | signature, permissions-required | |
| https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md | exploit |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-4965", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T18:38:37.615056Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T18:38:50.793Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.239732", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.239732", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "Header Handler", ], product: "phpipam", vendor: "n/a", versions: [ { status: "affected", version: "1.5.1", }, ], }, ], credits: [ { lang: "en", type: "analyst", value: "Affan (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in phpipam 1.5.1 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente Header Handler. Durch das Beeinflussen des Arguments X-Forwarded-Host mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 2.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 2.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 3.3, vectorString: "AV:N/AC:L/Au:M/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 Open Redirect", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-24T16:17:01.640Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.239732", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.239732", }, { tags: [ "exploit", ], url: "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md", }, ], timeline: [ { lang: "en", time: "2023-09-14T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-09-14T00:00:00.000Z", value: "CVE reserved", }, { lang: "en", time: "2023-09-14T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-10-11T19:28:27.000Z", value: "VulDB entry last update", }, ], title: "phpipam Header redirect", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-4965", datePublished: "2023-09-14T20:00:07.601Z", dateReserved: "2023-09-14T15:36:32.006Z", dateUpdated: "2024-08-02T07:44:53.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41443
Vulnerability from cvelistv5
Published
2022-10-03 15:31
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:46.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-03T15:31:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-41443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01", refsource: "MISC", url: "https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-41443", datePublished: "2022-10-03T15:31:47", dateReserved: "2022-09-26T00:00:00", dateUpdated: "2024-08-03T12:42:46.269Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41580
Vulnerability from cvelistv5
Published
2023-10-02 00:00
Modified
2024-09-23 16:28
Severity ?
EPSS score ?
Summary
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:01:35.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/ehtec/phpipam-exploit", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41580", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T16:27:26.209058Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T16:28:18.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T12:44:18.461673", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/ehtec/phpipam-exploit", }, { url: "https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-41580", datePublished: "2023-10-02T00:00:00", dateReserved: "2023-08-30T00:00:00", dateUpdated: "2024-09-23T16:28:18.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10329
Vulnerability from cvelistv5
Published
2018-04-24 06:00
Modified
2024-09-16 16:53
Severity ?
EPSS score ?
Summary
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/1903 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:39:06.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/1903", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-24T06:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/phpipam/phpipam/issues/1903", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10329", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/1903", refsource: "CONFIRM", url: "https://github.com/phpipam/phpipam/issues/1903", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10329", datePublished: "2018-04-24T06:00:00Z", dateReserved: "2018-04-24T00:00:00Z", dateUpdated: "2024-09-16T16:53:15.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16694
Vulnerability from cvelistv5
Published
2019-09-22 14:58
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2738 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:17:41.108Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-22T14:58:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16694", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2738", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2738", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16694", datePublished: "2019-09-22T14:58:36", dateReserved: "2019-09-22T00:00:00", dateUpdated: "2024-08-05T01:17:41.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0678
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2025-03-26 14:44
Severity ?
EPSS score ?
Summary
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < v1.5.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.339Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0678", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T14:43:49.348203Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-26T14:44:18.479Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "v1.5.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f", }, { url: "https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4", }, ], source: { advisory: "8d299377-be00-46dc-bebe-3d439127982f", discovery: "EXTERNAL", }, title: "Missing Authorization in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0678", datePublished: "2023-02-04T00:00:00.000Z", dateReserved: "2023-02-04T00:00:00.000Z", dateUpdated: "2025-03-26T14:44:18.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46426
Vulnerability from cvelistv5
Published
2022-03-25 15:54
Modified
2024-08-04 05:02
Severity ?
EPSS score ?
Summary
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tempest.com.br | x_refsource_MISC | |
| https://github.com/phpipam | x_refsource_MISC | |
| https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/May/43 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:02:11.522Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tempest.com.br", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351", }, { name: "20220518 PHPIPAM 1.4.4 - CVE-2021-46426", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/43", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-19T17:06:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tempest.com.br", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351", }, { name: "20220518 PHPIPAM 1.4.4 - CVE-2021-46426", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2022/May/43", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-46426", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tempest.com.br", refsource: "MISC", url: "https://www.tempest.com.br", }, { name: "https://github.com/phpipam", refsource: "MISC", url: "https://github.com/phpipam", }, { name: "https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/6c1f72816d6ac634e9c174057e008717d959f351", }, { name: "20220518 PHPIPAM 1.4.4 - CVE-2021-46426", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2022/May/43", }, { name: "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-46426", datePublished: "2022-03-25T15:54:12", dateReserved: "2022-01-24T00:00:00", dateUpdated: "2024-08-04T05:02:11.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7988
Vulnerability from cvelistv5
Published
2020-03-04 16:07
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.
References
| ▼ | URL | Tags |
|---|---|---|
| https://phpipam.net/news/phpipam-v1-5-released/ | x_refsource_MISC | |
| https://pastebin.com/ZPECbgZb | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:48:24.607Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://phpipam.net/news/phpipam-v1-5-released/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pastebin.com/ZPECbgZb", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-04T16:07:52", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://phpipam.net/news/phpipam-v1-5-released/", }, { tags: [ "x_refsource_MISC", ], url: "https://pastebin.com/ZPECbgZb", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-7988", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://phpipam.net/news/phpipam-v1-5-released/", refsource: "MISC", url: "https://phpipam.net/news/phpipam-v1-5-released/", }, { name: "https://pastebin.com/ZPECbgZb", refsource: "MISC", url: "https://pastebin.com/ZPECbgZb", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-7988", datePublished: "2020-03-04T16:07:52", dateReserved: "2020-01-26T00:00:00", dateUpdated: "2024-08-04T09:48:24.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1211
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2025-03-06 19:27
Severity ?
EPSS score ?
Summary
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < v1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:40:59.715Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1211", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T19:26:50.402704Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-06T19:27:01.683Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "v1.5.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-06T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd", }, { url: "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922", }, ], source: { advisory: "ed569124-2aeb-4b0d-a312-435460892afd", discovery: "EXTERNAL", }, title: " SQL Injection in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-1211", datePublished: "2023-03-06T00:00:00.000Z", dateReserved: "2023-03-06T00:00:00.000Z", dateUpdated: "2025-03-06T19:27:01.683Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13225
Vulnerability from cvelistv5
Published
2020-05-20 03:05
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/3025 | x_refsource_MISC | |
| https://www.youtube.com/watch?v=SpFmM03Jl40 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:19.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/3025", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.youtube.com/watch?v=SpFmM03Jl40", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-20T03:05:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/3025", }, { tags: [ "x_refsource_MISC", ], url: "https://www.youtube.com/watch?v=SpFmM03Jl40", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13225", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/3025", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/3025", }, { name: "https://www.youtube.com/watch?v=SpFmM03Jl40", refsource: "MISC", url: "https://www.youtube.com/watch?v=SpFmM03Jl40", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13225", datePublished: "2020-05-20T03:05:27", dateReserved: "2020-05-20T00:00:00", dateUpdated: "2024-08-04T12:11:19.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23045
Vulnerability from cvelistv5
Published
2022-01-19 20:38
Modified
2024-08-03 03:28
Severity ?
EPSS score ?
Summary
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/releases/tag/v1.4.5 | x_refsource_MISC | |
| https://fluidattacks.com/advisories/osbourne/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:28:43.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://fluidattacks.com/advisories/osbourne/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "PhpIPAM", vendor: "n/a", versions: [ { status: "affected", version: "1.4.4", }, ], }, ], descriptions: [ { lang: "en", value: "PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site title\" parameter while updating the site settings. The \"Site title\" setting is injected in several locations which triggers the XSS.", }, ], problemTypes: [ { descriptions: [ { description: "Stored cross-site scripting (XSS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-19T20:38:57", orgId: "84fe0718-d6bb-4716-a7e8-81a6d1daa869", shortName: "Fluid Attacks", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { tags: [ "x_refsource_MISC", ], url: "https://fluidattacks.com/advisories/osbourne/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "help@fluidattacks.com", ID: "CVE-2022-23045", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "PhpIPAM", version: { version_data: [ { version_value: "1.4.4", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site title\" parameter while updating the site settings. The \"Site title\" setting is injected in several locations which triggers the XSS.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored cross-site scripting (XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", refsource: "MISC", url: "https://github.com/phpipam/phpipam/releases/tag/v1.4.5", }, { name: "https://fluidattacks.com/advisories/osbourne/", refsource: "MISC", url: "https://fluidattacks.com/advisories/osbourne/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "84fe0718-d6bb-4716-a7e8-81a6d1daa869", assignerShortName: "Fluid Attacks", cveId: "CVE-2022-23045", datePublished: "2022-01-19T20:38:57", dateReserved: "2022-01-10T00:00:00", dateUpdated: "2024-08-03T03:28:43.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16692
Vulnerability from cvelistv5
Published
2019-09-22 14:58
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2738 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:17:41.091Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-01T22:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16692", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2738", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2738", }, { name: "http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154651/phpIPAM-1.4-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16692", datePublished: "2019-09-22T14:58:54", dateReserved: "2019-09-22T00:00:00", dateUpdated: "2024-08-05T01:17:41.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000870
Vulnerability from cvelistv5
Published
2018-12-20 17:00
Modified
2024-09-17 02:32
Severity ?
EPSS score ?
Summary
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040 | x_refsource_MISC | |
| https://github.com/phpipam/phpipam/issues/2326 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:47:57.379Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2326", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-12-19T00:00:00", descriptions: [ { lang: "en", value: "PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-20T17:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2326", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-12-19T20:52:45.253944", DATE_REQUESTED: "2018-12-06T06:56:23", ID: "CVE-2018-1000870", REQUESTER: "oscar@sakerhetskontoret.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", }, { name: "https://github.com/phpipam/phpipam/issues/2326", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2326", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000870", datePublished: "2018-12-20T17:00:00Z", dateReserved: "2018-12-20T00:00:00Z", dateUpdated: "2024-09-17T02:32:43.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000869
Vulnerability from cvelistv5
Published
2018-12-20 17:00
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2344 | x_refsource_MISC | |
| https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:47:57.485Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2344", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-12-19T00:00:00", descriptions: [ { lang: "en", value: "phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-20T17:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2344", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-12-19T20:52:45.252735", DATE_REQUESTED: "2018-12-05T07:39:06", ID: "CVE-2018-1000869", REQUESTER: "oscar@arnflo.se", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2344", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2344", }, { name: "https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000869", datePublished: "2018-12-20T17:00:00Z", dateReserved: "2018-12-20T00:00:00Z", dateUpdated: "2024-09-16T19:04:36.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6529
Vulnerability from cvelistv5
Published
2015-08-20 20:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt | x_refsource_MISC | |
| http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/536188/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:22.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html", }, { name: "20150812 phpipam-1.1.010 XSS Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/536188/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-12T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html", }, { name: "20150812 phpipam-1.1.010 XSS Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/536188/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-6529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt", refsource: "MISC", url: "http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt", }, { name: "http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/133055/phpipam-1.1.010-Cross-Site-Scripting.html", }, { name: "20150812 phpipam-1.1.010 XSS Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/536188/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-6529", datePublished: "2015-08-20T20:00:00", dateReserved: "2015-08-20T00:00:00", dateUpdated: "2024-08-06T07:22:22.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1226
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 20:59
Severity ?
EPSS score ?
Summary
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.4.7 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "phpipam", vendor: "phpipam", versions: [ { lessThan: "1.4.7", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-1226", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T20:58:44.943024Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T20:59:32.661Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.4.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T10:57:20.597Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/3fdcf653-fe26-4592-94a1-98ce664618ec", }, { url: "https://github.com/phpipam/phpipam/commit/50e36b9e4fff5eaa51dc6e42bc684748da378002", }, ], source: { advisory: "3fdcf653-fe26-4592-94a1-98ce664618ec", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2022-1226", datePublished: "2024-11-15T10:57:20.597Z", dateReserved: "2022-04-04T10:41:01.205Z", dateUpdated: "2024-11-15T20:59:32.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1212
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2025-03-06 18:32
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < v1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:40:59.856Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1212", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T18:32:12.870447Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-06T18:32:30.084Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "v1.5.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-06T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499", }, { url: "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960", }, ], source: { advisory: "3d5199d6-9bb2-4f7b-bd81-bded704da499", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-1212", datePublished: "2023-03-06T00:00:00.000Z", dateReserved: "2023-03-06T00:00:00.000Z", dateUpdated: "2025-03-06T18:32:30.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24657
Vulnerability from cvelistv5
Published
2023-03-08 00:00
Modified
2025-03-05 18:47
Severity ?
EPSS score ?
Summary
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:03:19.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/3738", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24657", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-05T18:46:36.441308Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-05T18:47:09.193Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-08T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/phpipam/phpipam/issues/3738", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24657", datePublished: "2023-03-08T00:00:00.000Z", dateReserved: "2023-01-30T00:00:00.000Z", dateUpdated: "2025-03-05T18:47:09.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55093
Vulnerability from cvelistv5
Published
2025-03-31 00:00
Modified
2025-03-31 13:41
Severity ?
EPSS score ?
Summary
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55093", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T13:41:03.298282Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T13:41:23.227Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "phpIPAM", vendor: "phpIPAM", versions: [ { lessThanOrEqual: "1.7.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", versionEndIncluding: "1.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T12:38:18.422Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/phpipam/phpipam/commit/d0caaeba885364fd0521f094511c5d7b11f9da8f", }, ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-55093", datePublished: "2025-03-31T00:00:00.000Z", dateReserved: "2024-12-06T00:00:00.000Z", dateUpdated: "2025-03-31T13:41:23.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15640
Vulnerability from cvelistv5
Published
2018-04-21 21:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/releases/tag/1.3.1 | x_refsource_CONFIRM | |
| https://github.com/phpipam/phpipam/issues/1521 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:57:27.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/phpipam/phpipam/releases/tag/1.3.1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/1521", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-21T00:00:00", descriptions: [ { lang: "en", value: "app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-21T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/phpipam/phpipam/releases/tag/1.3.1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/phpipam/phpipam/issues/1521", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-15640", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/releases/tag/1.3.1", refsource: "CONFIRM", url: "https://github.com/phpipam/phpipam/releases/tag/1.3.1", }, { name: "https://github.com/phpipam/phpipam/issues/1521", refsource: "CONFIRM", url: "https://github.com/phpipam/phpipam/issues/1521", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-15640", datePublished: "2018-04-21T21:00:00", dateReserved: "2017-10-19T00:00:00", dateUpdated: "2024-08-05T19:57:27.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0676
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2025-03-26 14:47
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.5.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.426Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0676", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T14:46:55.903011Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-26T14:47:18.504Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.5.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-04T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b", }, { url: "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec", }, ], source: { advisory: "b72d4f0c-8a96-4b40-a031-7d469c6ab93b", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Reflected in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0676", datePublished: "2023-02-04T00:00:00.000Z", dateReserved: "2023-02-04T00:00:00.000Z", dateUpdated: "2025-03-26T14:47:18.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16696
Vulnerability from cvelistv5
Published
2019-09-22 14:58
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2738 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:17:41.147Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-22T14:58:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16696", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2738", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2738", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16696", datePublished: "2019-09-22T14:58:15", dateReserved: "2019-09-22T00:00:00", dateUpdated: "2024-08-05T01:17:41.147Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10727
Vulnerability from cvelistv5
Published
2025-03-20 10:10
Modified
2025-03-20 15:53
Severity ?
EPSS score ?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.7.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10727", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T15:53:13.184868Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T15:53:17.600Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.7.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to full compromise of the user.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:10:58.253Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/259eed22-4d6f-4229-92e5-04674f302d5d", }, { url: "https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731", }, ], source: { advisory: "259eed22-4d6f-4229-92e5-04674f302d5d", discovery: "EXTERNAL", }, title: "Cross-Site Scripting (XSS) in phpipam/phpipam", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-10727", datePublished: "2025-03-20T10:10:58.253Z", dateReserved: "2024-11-01T23:43:20.860Z", dateUpdated: "2025-03-20T15:53:17.600Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1225
Vulnerability from cvelistv5
Published
2022-04-04 10:50
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | x_refsource_MISC | |
| https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:55:24.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266 Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-04T10:50:11", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", }, ], source: { advisory: "49b44cfa-d142-4d79-b529-7805507169d2", discovery: "EXTERNAL", }, title: "Incorrect Privilege Assignment in phpipam/phpipam", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@huntr.dev", ID: "CVE-2022-1225", STATE: "PUBLIC", TITLE: "Incorrect Privilege Assignment in phpipam/phpipam", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "phpipam/phpipam", version: { version_data: [ { version_affected: "<", version_value: "1.4.6", }, ], }, }, ], }, vendor_name: "phpipam", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-266 Incorrect Privilege Assignment", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, { name: "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", refsource: "CONFIRM", url: "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", }, ], }, source: { advisory: "49b44cfa-d142-4d79-b529-7805507169d2", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-1225", datePublished: "2022-04-04T10:50:11", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-02T23:55:24.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3845
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2025-04-15 13:17
Severity ?
EPSS score ?
Summary
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | phpipam |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:58.793Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc", }, { tags: [ "x_transferred", ], url: "https://github.com/phpipam/phpipam/releases/tag/v1.5.0", }, { tags: [ "x_transferred", ], url: "https://vuldb.com/?id.212863", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3845", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-14T17:06:25.199706Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-15T13:17:33.838Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "phpipam", vendor: "unspecified", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-707", description: "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-02T00:00:00.000Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { url: "https://github.com/phpipam/phpipam/commit/22c797c3583001211fe7d31bccd3f1d4aeeb3bbc", }, { url: "https://github.com/phpipam/phpipam/releases/tag/v1.5.0", }, { url: "https://vuldb.com/?id.212863", }, ], title: "phpipam Import Preview import-load-data.php cross site scripting", x_generator: "vuldb.com", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2022-3845", datePublished: "2022-11-02T00:00:00.000Z", dateReserved: "2022-11-02T00:00:00.000Z", dateUpdated: "2025-04-15T13:17:33.838Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1224
Vulnerability from cvelistv5
Published
2022-04-04 10:45
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a | x_refsource_CONFIRM | |
| https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpipam | phpipam/phpipam |
Version: unspecified < 1.4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:55:24.593Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "phpipam/phpipam", vendor: "phpipam", versions: [ { lessThan: "1.4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-04T10:45:15", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, ], source: { advisory: "cd9e1508-5682-427e-a921-14b4f520b85a", discovery: "EXTERNAL", }, title: "Improper Authorization in phpipam/phpipam", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@huntr.dev", ID: "CVE-2022-1224", STATE: "PUBLIC", TITLE: "Improper Authorization in phpipam/phpipam", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "phpipam/phpipam", version: { version_data: [ { version_affected: "<", version_value: "1.4.6", }, ], }, }, ], }, vendor_name: "phpipam", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-285 Improper Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", refsource: "CONFIRM", url: "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", }, { name: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", refsource: "MISC", url: "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", }, ], }, source: { advisory: "cd9e1508-5682-427e-a921-14b4f520b85a", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-1224", datePublished: "2022-04-04T10:45:15", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-02T23:55:24.593Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16693
Vulnerability from cvelistv5
Published
2019-09-22 14:58
Modified
2025-04-16 14:38
Severity ?
EPSS score ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:17:41.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-16T14:38:43.441Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/phpipam/phpipam/issues/2738", }, { url: "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2019-16693.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16693", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2738", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2738", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16693", datePublished: "2019-09-22T14:58:45.000Z", dateReserved: "2019-09-22T00:00:00.000Z", dateUpdated: "2025-04-16T14:38:43.441Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000860
Vulnerability from cvelistv5
Published
2018-12-20 16:00
Modified
2024-09-17 00:05
Severity ?
EPSS score ?
Summary
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2338 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:47:57.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2338", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-12-05T00:00:00", descriptions: [ { lang: "en", value: "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-20T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2338", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-12-05T14:18:48.097031", DATE_REQUESTED: "2018-11-29T17:16:48", ID: "CVE-2018-1000860", REQUESTER: "Disgruntled3lf@gmail.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain..", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2338", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2338", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000860", datePublished: "2018-12-20T16:00:00Z", dateReserved: "2018-12-20T00:00:00Z", dateUpdated: "2024-09-17T00:05:30.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41358
Vulnerability from cvelistv5
Published
2024-08-29 00:00
Modified
2025-04-16 13:57
Severity ?
EPSS score ?
Summary
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-41358", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-30T13:41:35.836844Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T19:17:58.451Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\\admin\\import-export\\import-load-data.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-16T13:57:40.598Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/phpipam/phpipam/issues/4148", }, { url: "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41358.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-41358", datePublished: "2024-08-29T00:00:00.000Z", dateReserved: "2024-07-18T00:00:00.000Z", dateUpdated: "2025-04-16T13:57:40.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6481
Vulnerability from cvelistv5
Published
2017-03-05 20:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/992 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96573 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:33:20.090Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/992", }, { name: "96573", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96573", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-07T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/phpipam/phpipam/issues/992", }, { name: "96573", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96573", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6481", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/992", refsource: "CONFIRM", url: "https://github.com/phpipam/phpipam/issues/992", }, { name: "96573", refsource: "BID", url: "http://www.securityfocus.com/bid/96573", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6481", datePublished: "2017-03-05T20:00:00", dateReserved: "2017-03-05T00:00:00", dateUpdated: "2024-08-05T15:33:20.090Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16695
Vulnerability from cvelistv5
Published
2019-09-22 14:58
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phpipam/phpipam/issues/2738 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:17:41.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-22T14:58:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/phpipam/phpipam/issues/2738", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16695", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phpipam/phpipam/issues/2738", refsource: "MISC", url: "https://github.com/phpipam/phpipam/issues/2738", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16695", datePublished: "2019-09-22T14:58:23", dateReserved: "2019-09-22T00:00:00", dateUpdated: "2024-08-05T01:17:41.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }