CVE-2024-10719
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in phpipam version 1.5.2 allows attackers to inject malicious scripts via the 'option' parameter of the circuits functionality. When the stored script executes in a user's browser, it can lead to cookie theft and file disclosure. Users running phpipam 1.5.2 are affected until they upgrade to version 1.7.0.
💻 Affected Systems
- phpipam
📦 What is this software?
Phpipam by Phpipam
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal admin session cookies, gain administrative access to phpipam, and potentially compromise the entire IP address management system and connected infrastructure.
Likely Case
Attackers steal user session cookies, impersonate legitimate users, and access sensitive IP address data and network information.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing any impact.
🎯 Exploit Status
Exploitation requires authenticated access to the circuits options functionality; stored XSS payloads persist and affect all users viewing the compromised page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.0
Vendor Advisory: https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731
Restart Required: No
Instructions:
1. Backup your phpipam database and configuration files.
2. Download phpipam version 1.7.0 from the official repository.
3. Replace the existing installation files with the new version.
4. Verify the fix by checking that the circuits options functionality properly sanitizes input.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize the 'option' parameter before processing.
Modify /phpipam/app/admin/circuits/edit-options-submit.php to add: $option = htmlspecialchars($_POST['option'], ENT_QUOTES, 'UTF-8');
🧯 If You Can't Patch
- Disable circuits options functionality or restrict access to trusted users only.
- Implement a web application firewall (WAF) with XSS protection rules to block malicious payloads.
🔍 How to Verify
Check if Vulnerable:
Test by submitting a script payload (e.g., <script>alert('XSS')</script>) to the 'option' parameter in /phpipam/app/admin/circuits/edit-options-submit.php and check if it executes when viewing the page.
Check Version:
Check the version in /phpipam/VERSION or via the phpipam web interface under 'Administration' > 'Version info'.
Verify Fix Applied:
After patching, repeat the test with the same payload; it should be displayed as plain text without execution.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /phpipam/app/admin/circuits/edit-options-submit.php with script tags or JavaScript in parameters.
Network Indicators:
- HTTP traffic containing malicious script payloads in POST data to the vulnerable endpoint.
SIEM Query:
source="web_logs" AND url="/phpipam/app/admin/circuits/edit-options-submit.php" AND (request_body CONTAINS "<script>" OR request_body CONTAINS "javascript:")
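As an added example (not part of the original advisory), the following Python script applies the SIEM query's logic to constructed JSON-lines web log records. It goes slightly beyond the literal query: the request body is URL-decoded and lower-cased before matching, because form posts encode '<' as %3C and tag names are case-insensitive, so a literal match on "<script>" would miss both. The record field names (src, method, url, request_body) are assumptions about the log format.

```python
import json
from urllib.parse import unquote_plus

# Endpoint and markers from the advisory's SIEM query (markers lower-cased for matching).
VULN_ENDPOINT = "/phpipam/app/admin/circuits/edit-options-submit.php"
MARKERS = ("<script", "javascript:")


def is_suspicious(event: dict) -> bool:
    """True if a POST to the vulnerable endpoint carries script markers in its body.

    The body is URL-decoded and lower-cased first: form posts encode '<' as %3C
    and browsers treat tag names case-insensitively, so a literal match on
    '<script>' (as in the advisory's SIEM query) would miss both variants.
    """
    if event.get("method", "").upper() != "POST":
        return False
    if event.get("url", "").split("?", 1)[0] != VULN_ENDPOINT:
        return False
    body = unquote_plus(event.get("request_body", "")).lower()
    return any(marker in body for marker in MARKERS)


def scan_log(lines):
    """Parse JSON-lines web log records and return the ones flagged by is_suspicious."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record: skip it rather than abort the scan
        if is_suspicious(event):
            hits.append(event)
    return hits


# Constructed sample records (hypothetical, not real phpipam logs): a benign edit,
# the advisory's test payload URL-encoded, a mixed-case variant, and an unrelated GET.
SAMPLE_LOG = """
{"src":"10.0.0.5","method":"POST","url":"/phpipam/app/admin/circuits/edit-options-submit.php","request_body":"option=Carrier+A&action=edit"}
{"src":"10.0.0.9","method":"POST","url":"/phpipam/app/admin/circuits/edit-options-submit.php","request_body":"option=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"}
{"src":"10.0.0.7","method":"POST","url":"/phpipam/app/admin/circuits/edit-options-submit.php","request_body":"option=<ScRiPt>alert('XSS')</ScRiPt>"}
{"src":"10.0.0.5","method":"GET","url":"/phpipam/app/tools/circuits/","request_body":""}
"""


def sample_hits():
    """Run the scan over the constructed records; returns the two flagged events."""
    return scan_log(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for hit in sample_hits():
        print(f"ALERT src={hit['src']} body={unquote_plus(hit['request_body'])!r}")
```

Only the two records carrying the encoded and the mixed-case payload are flagged; the benign edit and the unrelated GET are not.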