CVE-2019-16692

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.4

Description The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/filter-result.php component of the phpIPAM web application. This can be exploited by a remote attacker to execute arbitrary SQL queries.

Recommendations For phpIPAM version 1.4, consider restricting access to the filter-result.php file until a patch is available, and avoid using the table parameter in the affected API endpoint when action=add is used. At the moment, there is no information about a newer version that contains a fix for this vulnerability.