CVE-2019-16694

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.4

Description The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/edit-result.php component of the phpIPAM web application. This can be exploited by a remote attacker to execute arbitrary SQL queries.

Recommendations For phpIPAM version 1.4, consider restricting access to the app/admin/custom-fields/edit-result.php component until a patch is available, and avoid using the table parameter with action=add to minimize the risk of exploitation.