SQL Injection Vulnerability in phpIPAM by phpIPAM
CVE-2019-16696

9.8CRITICAL

Key Information:

Vendor: PHPipam
Status: PHPipam
Vendor: CVE Published:; 22 September 2019

What is CVE-2019-16696?

The phpIPAM 1.4 version contains a vulnerability that allows attackers to exploit SQL injection through the 'table' parameter in the edit.php file located in the admin section. When the action is set to 'add', improper input validation can lead to unauthorized access to the underlying database. This flaw can be exploited to manipulate and extract sensitive data, posing significant risks to data integrity and confidentiality.

References

https://github.com/phpipam/phpipam/issues/2738

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2019
Vulnerability Reserved
Sep 22, 2019

PHPipam

What is CVE-2019-16696?

References

CVSS V3.1

Timeline