
CVE-2024-55093
https://notcve.org/view.php?id=CVE-2024-55093
31 Mar 2025 — phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. • https://github.com/phpipam/phpipam/commit/d0caaeba885364fd0521f094511c5d7b11f9da8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-41580
https://notcve.org/view.php?id=CVE-2023-41580
02 Oct 2023 — Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. • https://github.com/ehtec/phpipam-exploit • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2023-4965 – phpipam Header redirect
https://notcve.org/view.php?id=CVE-2023-4965
14 Sep 2023 — A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. • https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-1211 – SQL Injection in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-1211
06 Mar 2023 — SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. • https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-1212 – Cross-site Scripting (XSS) - Stored in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2023-1212
06 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. • https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •