Vulnerabilities related to phpipam - phpipam/phpipam
cve-2023-0678
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2024-08-02 05:17
Summary
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < v1.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "v1.5.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8d299377-be00-46dc-bebe-3d439127982f" }, { "url": "https://github.com/phpipam/phpipam/commit/1960bd24e8a55796da066237cf11272c44bb1cc4" } ], "source": { "advisory": "8d299377-be00-46dc-bebe-3d439127982f", "discovery": "EXTERNAL" }, "title": "Missing Authorization in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0678", "datePublished": "2023-02-04T00:00:00", "dateReserved": "2023-02-04T00:00:00", 
"dateUpdated": "2024-08-02T05:17:50.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1224
Vulnerability from cvelistv5
Published
2022-04-04 10:45
Modified
2024-08-02 23:55
Summary
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a | x_refsource_CONFIRM | |
https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < 1.4.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.4.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-04T10:45:15", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" } ], "source": { "advisory": "cd9e1508-5682-427e-a921-14b4f520b85a", "discovery": "EXTERNAL" }, "title": "Improper Authorization in phpipam/phpipam", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1224", "STATE": 
"PUBLIC", "TITLE": "Improper Authorization in phpipam/phpipam" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "phpipam/phpipam", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.4.6" } ] } } ] }, "vendor_name": "phpipam" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a" }, { "name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", "refsource": "MISC", "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" } ] }, "source": { "advisory": "cd9e1508-5682-427e-a921-14b4f520b85a", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1224", "datePublished": "2022-04-04T10:45:15", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-02T23:55:24.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1225
Vulnerability from cvelistv5
Published
2022-04-04 10:50
Modified
2024-08-02 23:55
Summary
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | x_refsource_MISC | |
https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < 1.4.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.4.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-04T10:50:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2" } ], "source": { "advisory": "49b44cfa-d142-4d79-b529-7805507169d2", "discovery": "EXTERNAL" }, "title": "Incorrect Privilege Assignment in phpipam/phpipam", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2022-1225", "STATE": "PUBLIC", "TITLE": "Incorrect Privilege Assignment in phpipam/phpipam" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "phpipam/phpipam", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.4.6" } ] } } ] }, "vendor_name": "phpipam" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-266 Incorrect Privilege Assignment" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", "refsource": "MISC", "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { "name": "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2" } ] }, "source": { "advisory": "49b44cfa-d142-4d79-b529-7805507169d2", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1225", "datePublished": "2022-04-04T10:50:11", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-02T23:55:24.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1211
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2025-03-06 19:27
Summary
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < v1.5.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd" }, { "tags": [ "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1211", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-06T19:26:50.402704Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-06T19:27:01.683Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "v1.5.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-06T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd" }, { "url": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922" } ], "source": { "advisory": "ed569124-2aeb-4b0d-a312-435460892afd", "discovery": "EXTERNAL" }, "title": " SQL Injection in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1211", "datePublished": "2023-03-06T00:00:00.000Z", "dateReserved": "2023-03-06T00:00:00.000Z", "dateUpdated": "2025-03-06T19:27:01.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0787
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 19:09
Summary
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. Because that header is supplied by the client, the address the block mechanism sees is whatever the request claims, so failed logins are not reliably attributed to the real source address. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < 1.7.0 (CNA value; the CISA-ADP container in the record below writes this bound as "1.70") |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.70", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-0787", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T19:08:12.245566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T19:09:48.262Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.7.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the \u0027X-Forwarded-For\u0027 header. The issue lies in the \u0027get_user_ip()\u0027 function in \u0027class.Common.php\u0027 at lines 1044 and 1045, where the presence of the \u0027X-Forwarded-For\u0027 header is checked and used instead of \u0027REMOTE_ADDR\u0027. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T10:57:05.410Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab" }, { "url": "https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5" } ], "source": { "advisory": "840cb582-1feb-43ab-9cc4-e4b5a63c5bab", "discovery": "EXTERNAL" }, "title": "Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-0787", "datePublished": "2024-11-15T10:57:05.410Z", "dateReserved": "2024-01-22T17:00:17.923Z", "dateUpdated": "2024-11-15T19:09:48.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0676
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2024-08-02 05:17
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < 1.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.5.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-04T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b" }, { "url": "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec" } ], "source": { "advisory": "b72d4f0c-8a96-4b40-a031-7d469c6ab93b", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0676", "datePublished": "2023-02-04T00:00:00", "dateReserved": "2023-02-04T00:00:00", "dateUpdated": "2024-08-02T05:17:50.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1223
Vulnerability from cvelistv5
Published
2022-04-04 10:45
Modified
2024-08-02 23:55
Summary
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953 | x_refsource_MISC | |
https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < 1.4.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.4.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eIncorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.\u003c/p\u003e" } ], "value": "Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-02T08:42:02.920Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab" } ], "source": { "advisory": "baec4c23-2466-4b13-b3c0-eaf1d000d4ab", "discovery": "EXTERNAL" }, "title": "Incorrect Authorization in phpipam/phpipam", "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1223", "STATE": "PUBLIC", "TITLE": "Improper Access Control in phpipam/phpipam" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "phpipam/phpipam", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.4.6" } ] } } ] }, "vendor_name": "phpipam" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", "refsource": "MISC", "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { "name": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab" } ] }, "source": { "advisory": "baec4c23-2466-4b13-b3c0-eaf1d000d4ab", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": 
"c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1223", "datePublished": "2022-04-04T10:45:20", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-02T23:55:24.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0677
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2024-08-02 05:17
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < v1.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "v1.5.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-04T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0" }, { "url": "https://github.com/phpipam/phpipam/commit/8fbf87e19a6098972abc7521554db5757c3edd89" } ], "source": { "advisory": "d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0677", "datePublished": "2023-02-04T00:00:00", "dateReserved": "2023-02-04T00:00:00", "dateUpdated": "2024-08-02T05:17:50.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1212
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2025-03-06 18:32
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < v1.5.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499" }, { "tags": [ "x_transferred" ], "url": "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1212", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-06T18:32:12.870447Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-06T18:32:30.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "v1.5.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-06T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499" }, { "url": "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960" } ], "source": { "advisory": "3d5199d6-9bb2-4f7b-bd81-bded704da499", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1212", "datePublished": "2023-03-06T00:00:00.000Z", "dateReserved": "2023-03-06T00:00:00.000Z", "dateUpdated": "2025-03-06T18:32:30.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1226
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 20:59
Summary
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
phpipam | phpipam/phpipam |
Version: unspecified < 1.4.7 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.4.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-1226", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T20:58:44.943024Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T20:59:32.661Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpipam/phpipam", "vendor": "phpipam", "versions": [ { "lessThan": "1.4.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim\u0027s browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T10:57:20.597Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/3fdcf653-fe26-4592-94a1-98ce664618ec" }, { "url": "https://github.com/phpipam/phpipam/commit/50e36b9e4fff5eaa51dc6e42bc684748da378002" } ], "source": { "advisory": "3fdcf653-fe26-4592-94a1-98ce664618ec", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) in phpipam/phpipam" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2022-1226", "datePublished": "2024-11-15T10:57:20.597Z", "dateReserved": "2022-04-04T10:41:01.205Z", "dateUpdated": "2024-11-15T20:59:32.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }