📦 Phpipam

CVE-2024-41353 is a cross-site scripting (XSS) vulnerability in phpipam 1.6 that allows attackers to inject malicious scripts into the group editing interface. This affects administrators who use the ...

CVE-2024-41357 is a cross-site scripting (XSS) vulnerability in phpipam 1.6 that allows attackers to inject malicious scripts via the /app/admin/powerDNS/record-edit.php endpoint. This affects adminis...

This SQL injection vulnerability in phpIPAM allows attackers to execute arbitrary SQL commands through unsanitized user input. It affects all phpIPAM installations prior to version 1.5.2. Attackers co...

This SQL injection vulnerability in phpIPAM v1.4.4 allows authenticated admin users to execute arbitrary SQL commands via the 'subnet' parameter in the BGP mapping search functionality. Attackers with...

phpIPAM through version 1.7.3 contains a reflected Cross-Site Scripting (XSS) vulnerability in its installation scripts. This allows attackers to inject malicious scripts into web pages viewed by user...

A stored cross-site scripting (XSS) vulnerability in phpipam/phpipam version 1.5.2 allows attackers to inject malicious scripts into the circuits options page. When other users view the affected page,...

A stored cross-site scripting (XSS) vulnerability in phpipam/phpipam version 1.5.2 allows attackers to inject malicious scripts into the NAT tool's destination address field. When users interact with ...

A stored cross-site scripting (XSS) vulnerability in phpipam version 1.5.2 allows attackers to inject malicious scripts into NAT destination address fields. These scripts execute when other users view...

A stored cross-site scripting (XSS) vulnerability in phpipam version 1.5.2 allows attackers to inject malicious scripts via the 'option' parameter in circuits functionality. When executed in a user's ...

phpipam 1.6 contains a cross-site scripting vulnerability in the firewall zone network editing interface. This allows attackers to inject malicious scripts that execute in victims' browsers when they ...

This CVE describes a reflected cross-site scripting (XSS) vulnerability in phpIPAM versions prior to 1.5.1. Attackers can inject malicious scripts into web pages that are then executed in victims' bro...

phpIPAM v1.7.3 contains a CSRF vulnerability in the database export functionality that allows attackers to trigger unauthorized database dump downloads. Attackers can craft malicious HTTP GET requests...