SQL Injection Vulnerability in phpIPAM Affects Administration Functionality
CVE-2019-16693

9.8CRITICAL

Key Information:

Vendor: PHPipam
Status: PHPipam
Vendor: CVE Published:; 22 September 2019

What is CVE-2019-16693?

phpIPAM 1.4 has a SQL injection vulnerability that can be exploited through the app/admin/custom-fields/order.php table parameter when the action=add is invoked. This security flaw allows an attacker to manipulate SQL queries, potentially compromising the integrity and confidentiality of the database. It is crucial for users of phpIPAM to apply necessary updates and maintain security best practices to mitigate the risk of such vulnerabilities.

References

https://github.com/phpipam/phpipam/issues/2738

https://github.com/MarkLee131/awesome-web-pocs/blob/main/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2019
Vulnerability Reserved
Sep 22, 2019

PHPipam

What is CVE-2019-16693?

References

CVSS V3.1

Timeline