CVE-2023-1211

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in phpIPAM allows attackers to execute arbitrary SQL commands through unsanitized user input. It affects all phpIPAM installations prior to version 1.5.2. Attackers could potentially access, modify, or delete database contents.

💻 Affected Systems

Products:
  • phpIPAM
Versions: All versions prior to 1.5.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations using vulnerable code paths. The specific vulnerable component is in the application's handling of user input.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data manipulation, authentication bypass, or remote code execution via database functions.

🟠 Likely Case

Unauthorized data access, privilege escalation, or data manipulation within the phpIPAM database.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database user privilege restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Proof of concept available on GitHub. Exploitation requires authentication to phpIPAM but SQL injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.2

Vendor Advisory: https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922

Restart Required: No

Instructions:

1. Back up your phpIPAM installation and database.
2. Update to phpIPAM version 1.5.2 or later.
3. Verify the fix by confirming that the deployed code includes the security commit linked under Vendor Advisory.

🔧 Temporary Workarounds

Input Validation Filter
Applies to: all

Implement strict input validation for all user-supplied parameters in phpIPAM.

Web Application Firewall
Applies to: all

Deploy WAF rules to block SQL injection patterns.

🧯 If You Can't Patch

  • Restrict network access to phpIPAM to trusted IP addresses only
  • Implement database user with minimal required privileges

🔍 How to Verify

Check if Vulnerable:

Check phpIPAM version in web interface or by examining source code version files

Check Version:

grep -r 'define.*VERSION' /path/to/phpipam/
(or check the version shown in the web interface)

Verify Fix Applied:

Verify installation is version 1.5.2 or later and check for the security commit in the codebase
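The version check above is easy to get wrong when done by eye or with plain string comparison ("1.10" sorts before "1.5" as text, and a release candidate of 1.5.2 is not the fixed release). The following is an added example, not code from the advisory or from phpIPAM, that parses a version string or a grep hit and compares it numerically against 1.5.2. The define() lines and file paths in the sample are constructed; phpIPAM's real version file layout is not assumed here.

```python
"""Added example (not from the advisory or phpIPAM): decide whether a reported
phpIPAM version is below the fixed release 1.5.2. Handles numeric comparison
(so 1.10 > 1.5), missing patch numbers (1.5 == 1.5.0) and pre-release labels
(1.5.2-rc1 is still unfixed). Sample grep output below is constructed."""
import re

FIXED = (1, 5, 2)  # first release carrying the fix, per the advisory above

# leading dotted number, optionally followed by a pre-release label
_VER_RE = re.compile(r"(\d+(?:\.\d+)*)\s*[-.]?\s*(alpha|beta|rc|dev)?", re.I)


def parse_version(text):
    """Return (major, minor, patch), is_prerelease from strings such as
    '1.5.1', 'v1.10', '1.5.2-rc1' or a PHP define("VERSION", "1.5"); line."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts = (parts + [0, 0, 0])[:3]  # pad or truncate to major.minor.patch
    return tuple(parts), m.group(2) is not None


def is_vulnerable(version_text):
    """True when the version is below 1.5.2, or is a pre-release of 1.5.2."""
    version, prerelease = parse_version(version_text)
    return version < FIXED or (version == FIXED and prerelease)


def check_grep_output(lines):
    """Evaluate 'path:matched line' entries as produced by grep -r above.
    Returns a list of (path, matched_code, vulnerable) for lines mentioning VERSION."""
    results = []
    for line in lines:
        path, sep, code = line.partition(":")
        if not sep or "VERSION" not in code:
            continue
        try:
            results.append((path, code, is_vulnerable(code)))
        except ValueError:
            pass  # a VERSION constant with no numeric value; nothing to compare
    return results


# Constructed grep output; these file names are placeholders, not phpIPAM's files.
SAMPLE_GREP = [
    '/path/to/phpipam/example_a.php:define("VERSION", "1.5");',
    '/path/to/phpipam/example_b.php:define("VERSION_VISIBLE", "1.5.2");',
]

if __name__ == "__main__":
    for path, code, vulnerable in check_grep_output(SAMPLE_GREP):
        print(f"{path}: {'VULNERABLE' if vulnerable else 'fixed'}  ({code})")
```

A version string that prints as "1.5.2" in the web interface but comes from a pre-release build is the case the prerelease flag exists for; when in doubt, confirm the security commit is present in the deployed tree as the advisory instructs.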

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries in application logs
  • SQL error messages containing user input
  • Multiple failed login attempts followed by SQL-like patterns

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="phpipam_logs" AND ("SQL syntax" OR "mysql_error" OR "SELECT * FROM" IN uri_query)
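The network and log indicators above (SQL keywords in request parameters, error responses carrying user input) can be checked directly against web-server access logs. Below is an added example, not part of the advisory and not phpIPAM code, that parses common-log-format lines, URL-decodes each query parameter (twice, to catch double encoding) and flags values matching SQL-injection indicators, marking requests that also returned a 5xx. The log lines, client addresses and URL paths are constructed placeholders, not real phpIPAM routes.

```python
"""Added example (not from the advisory, not phpIPAM code): scan web-server
access log lines for the request indicators listed above, i.e. SQL keywords
and comment sequences inside URL query parameters, and note requests that
also produced a server error. All log lines and paths are constructed."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Common log format: client, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# Heuristics for SQL fragments that have no business in an IPAM parameter value.
INDICATORS = [
    re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b", re.I),
    re.compile(r"\bselect\b.+\bfrom\b", re.I),
    re.compile(r"\b(?:or|and)\b\s*['\"]?\s*\d+\s*=\s*\d+", re.I),
    re.compile(r"--(?:\s|$)|/\*"),  # SQL comment that truncates the rest of a query
    re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    re.compile(r"\binformation_schema\b", re.I),
]


def suspicious_params(target):
    """Return {name: decoded_value} for query parameters matching an indicator.

    parse_qsl already URL-decodes once; decoding a second time catches
    double-encoded values (%2527 -> %27 -> ')."""
    hits = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if any(p.search(decoded) for p in INDICATORS):
            hits[name] = decoded
    return hits


def scan_log(lines):
    """Return one finding per access-log line whose query string matches an indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than fail the whole scan
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({
                "client": m.group("client"),
                "ts": m.group("ts"),
                "target": m.group("target"),
                "hits": hits,
                # a 5xx on the same request often means the injected SQL errored,
                # matching the "SQL error messages" log indicator above
                "server_error": int(m.group("status")) >= 500,
            })
    return findings


# Constructed sample log (paths are placeholders, not real phpIPAM routes).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Mar/2023:10:01:02 +0000] "GET /example/subnets/?subnetId=12&page=2 HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [12/Mar/2023:10:01:07 +0000] "GET /example/search/?q=x%27+UNION+SELECT+1%2C2--+ HTTP/1.1" 500 312',
    '10.0.0.9 - bob [12/Mar/2023:10:01:09 +0000] "GET /example/search/?q=10.0.0.0%2F24 HTTP/1.1" 200 2048',
    "this line is not in access-log format",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "server_error" if f["server_error"] else ""
        print(f["ts"], f["client"], f["hits"], flag)
```

The third sample line shows why decoding matters: a CIDR such as 10.0.0.0/24 is normal IPAM input and must not trip the comment-sequence pattern, while the second line is caught on the decoded UNION SELECT and additionally marked because the server answered 500. Tune the INDICATORS list against your own traffic before alerting on it; an IPAM UI legitimately sends descriptions and search terms that can contain words like "and" or "or".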
