Product
phpipam
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | Description
CVE-2025-61078 | all versions | Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web scri
CVE-2025-60912 | <= 1.7.3 | phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql
CVE-2024-55093 | <= 1.7.3 | phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.
CVE-2024-10727 | >= 1.5.0 and <= 1.6 | A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability ari
CVE-2024-10725 | < 1.7.0 | A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker t
CVE-2024-10724 | < 1.7.0 | A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translat
CVE-2024-10723 | < 1.7.0 | A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an at
CVE-2024-10722 | < 1.7.0 | A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to i
CVE-2024-10721 | all versions | A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an at
CVE-2024-10720 | < 1.7.0 | A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device
CVE-2024-10719 | < 1.7.0 | A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functional
CVE-2024-10718 | < 1.7.0 | In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the us
CVE-2024-0787 | < 1.7.0 | phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for us
CVE-2022-1226 | < 1.4.7 | A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaSc
CVE-2024-41358 | all versions | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVE-2024-41354 | all versions | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php
CVE-2024-41353 | all versions | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php
CVE-2024-41357 | all versions | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
CVE-2024-41356 | all versions | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.
CVE-2024-41355 | all versions | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
CVE-2023-41580 | < 1.5.2 | Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.
CVE-2023-4965 | all versions | A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality
CVE-2023-24657 | all versions | phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subne
CVE-2023-1212 | < 1.5.2 | Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
CVE-2023-1211 | < 1.5.2 | SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
CVE-2023-0678 | < 1.5.1 | Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0677 | < 1.5.1 | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0676 | < 1.5.1 | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2022-3845 | < 1.5.0 | A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionalit
CVE-2022-41443 | all versions | phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVE-2022-1225 | < 1.4.6 | Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1224 | < 1.4.6 | Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1223 | < 1.4.6 | Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2021-46426 | all versions | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
CVE-2022-23046 | all versions | PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via a
CVE-2022-23045 | all versions | PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while upd
CVE-2021-35438 | all versions | phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP ca
CVE-2020-13225 | all versions | phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instruc
CVE-2020-7988 | all versions | An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin,
CVE-2019-16696 | <= 1.4 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVE-2019-16695 | <= 1.4 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVE-2019-16694 | <= 1.4 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
CVE-2019-16693 | <= 1.4 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
CVE-2019-16692 | <= 1.4 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVE-2019-1000010 | <= 1.3.2 | phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in
CVE-2018-1000870 | <= 1.3.2 | PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute co
CVE-2018-1000869 | all versions | phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. Thi
CVE-2018-1000860 | <= 1.3.2 | phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie i
CVE-2018-10329 | all versions | app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
CVE-2017-15640 | < 1.3.1 | app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.
CVE-2017-6481 | <= 1.2 | Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtratio
CVE-2015-6529 | all versions | Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HT