
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Sep 2019 — phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. • https://github.com/phpipam/phpipam/issues/2738 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2019 — phpIPAM version 1.3.2 and earlier contains a Cross-Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in code executing in the victim's browser. This attack appears to be exploitable when a victim visits a link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. • https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Dec 2018 — phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL injection. This attack appears to be exploitable by a rogue user, who can use the vulnerability to access information he/she does not have access to. This vulnerability appears to have been fixed in 1.4. • https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Dec 2018 — phpIPAM version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code executing in the victim's browser. This attack appears to be exploitable when an attacker changes the theme parameter in user settings; an admin (the victim) who then views the user in the admin panel is exploited. This vulnerability appears to have been fixed in 1.4. • https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Dec 2018 — phpIPAM version 1.3.2 and earlier contains a Cross-Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page, encapsulated in single quotes. Editing the value of the cookie to r5zkh'>quqtl exploits an XSS vulnerability that can result in arbitrary code executing in the victim's browser. This attack appears to be exploitable only when chained with another exploit that allows an attacker to set or modify a cookie for the... • https://github.com/phpipam/phpipam/issues/2338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Apr 2018 — app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. • https://github.com/phpipam/phpipam/issues/1903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Apr 2018 — app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter. • https://github.com/phpipam/phpipam/issues/1521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Mar 2017 — Multiple Cross-Site Scripting (XSS) issues were discovered in phpIPAM 1.2. The vulnerabilities exist due to insufficient filtering of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. • http://www.securityfocus.com/bid/96573 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')