
CVE-2019-16692 – phpIPAM 1.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-16692
22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. phpIPAM version 1.4 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/154651 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-16693
https://notcve.org/view.php?id=CVE-2019-16693
22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-16694
https://notcve.org/view.php?id=CVE-2019-16694
22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-16695
https://notcve.org/view.php?id=CVE-2019-16695
22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-16696
https://notcve.org/view.php?id=CVE-2019-16696
22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-1000010
https://notcve.org/view.php?id=CVE-2019-1000010
04 Feb 2019 — phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in the victim's browser. This attack appears to be exploitable when a victim visits a link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. • https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-1000869
https://notcve.org/view.php?id=CVE-2018-1000869
20 Dec 2018 — phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL injection. This attack appears to be exploitable by a rogue user, exploiting the vulnerability to access information he/she does not have access to. This vulnerability appears to have been fixed in 1.4. • https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-1000870
https://notcve.org/view.php?id=CVE-2018-1000870
20 Dec 2018 — PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable when an attacker changes the theme parameter in user settings; an admin (the victim) then views the user in the admin panel and gets exploited. This vulnerability appears to have been fixed in 1.4. • https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-1000860
https://notcve.org/view.php?id=CVE-2018-1000860
20 Dec 2018 — phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page, encapsulated in single quotes. Editing the value of the cookie to r5zkh'>quqtl exploits an XSS vulnerability that can result in arbitrary code executing in the victim's browser. This attack appears to be exploitable only when chained with another exploit that allows an attacker to set or modify a cookie for the... • https://github.com/phpipam/phpipam/issues/2338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-10329
https://notcve.org/view.php?id=CVE-2018-10329
24 Apr 2018 — app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. • https://github.com/phpipam/phpipam/issues/1903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')