GCVE - cpe:2.3:a:n/a:phpipam:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:phpipam:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Phpipam (`bcf621a8-f8d5-5b4a-a78c-ff3552c3fcaf`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4965`	vulnerable	2026-06-08 06:16:15.196231	phpipam Header redirect LOW (2.7) A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732. Published: 2023-09-14T20:00:07.601Z Updated: 2024-08-02T07:44:53.442Z Open on db.gcve.eu Reference links https://vuldb.com/?id.239732 https://vuldb.com/?ctiid.239732 https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-23046`	vulnerable	2026-06-08 05:40:56.076307	Details available PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php Published: 2022-01-19T20:38:56.000Z Updated: 2024-08-03T03:28:42.952Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/mercury/ https://github.com/phpipam/phpipam/releases/tag/v1.4.5 http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-23045`	vulnerable	2026-06-08 05:40:56.074900	Details available PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS. Published: 2022-01-19T20:38:57.000Z Updated: 2024-08-03T03:28:43.083Z Open on db.gcve.eu Reference links https://github.com/phpipam/phpipam/releases/tag/v1.4.5 https://fluidattacks.com/advisories/osbourne/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.