Phpipam Phpipam vulnerabilities
19 known vulnerabilities affecting phpipam/phpipam_phpipam.
Total CVEs: 19
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 17
Vulnerabilities
CVE-2023-0678 | P3 | MEDIUM | CVSS 5.3 | CWE-862 | PoC | ≥ unspecified, < v1.5.1 | 2023-02-04
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
nvd
CVE-2023-1211 | P3 | HIGH | CVSS 7.2 | CWE-89 | PoC | ≥ unspecified, < v1.5.2 | 2023-03-07
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
nvd
CVE-2023-0676 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | ≥ unspecified, < 1.5.1 | 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
nvd
CVE-2024-10718 | P3 | HIGH | CVSS 7.5 | CWE-614 | ≥ unspecified, < 1.7.0 | 2025-03-20
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.
nvd
CVE-2022-1223 | P4 | MEDIUM | CVSS 6.5 | CWE-863 | ≥ unspecified, < 1.4.6 | 2022-04-04
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
nvd
CVE-2022-1225 | P4 | MEDIUM | CVSS 6.5 | CWE-266 | ≥ unspecified, < 1.4.6 | 2022-04-04
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
nvd
CVE-2022-1224 | P4 | MEDIUM | CVSS 6.5 | CWE-285 | ≥ unspecified, < 1.4.6 | 2022-04-04
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
nvd
CVE-2024-0787 | P4 | MEDIUM | CVSS 5.9 | CWE-307 | ≥ unspecified, < 1.7.0 | 2024-11-15
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMO
nvd
CVE-2024-10720 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distributi
nvd
CVE-2024-10727 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute arbitrary JavaScript in the context of the user's brows
nvd
CVE-2024-10721 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits options page (https://demo.phpipam.net/tools/circuit
nvd
CVE-2024-10723 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this vulnerability includes the potential theft of user cooki
nvd
CVE-2024-10719 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts via the 'option' parameter in the POST request to /phpipam/app/admin/circuits/edit-options-submit.php. The injected script can be executed in the conte
nvd
CVE-2023-0677 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < v1.5.1 | 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
nvd
CVE-2024-10722 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can lead to data theft, account compromise, distribution of malware, website defacement, content manipulati
nvd
CVE-2024-10725 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT destination address, where user input is not properl
nvd
CVE-2024-10724 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.7.0 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0.
nvd
CVE-2022-1226 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.4.7 | 2024-11-15
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-previ
nvd
CVE-2023-1212 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < v1.5.2 | 2023-03-07
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
nvd