Charles Hooper

**Name of the Vulnerable Software and Affected Versions** phpIP Management version 4.3.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `password` parameter to "login.php" and the `id` parameter to "display.php", as well as other unspecified vectors. **Recommendations** For phpIP Management version 4.3.2, avoid using the `password` parameter in "login.php" and the `id` parameter in "display.php" until a fix is available. Consider restricting access to these endpoints as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this issue.