PT-2026-25562 · Undefined · Undefined

Rodtvs

Publicado

2026-03-15

Atualizado

2026-03-16

CVE-2026-4189

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpipam versions up to 1.7.4

Description A weakness exists in phpipam that could allow for SQL injection. The issue is located in an unknown function within the app/admin/sections/edit-result.php file of the Section Handler component. Manipulating the subnetOrdering argument can trigger the SQL injection. The attack can be launched remotely, and an exploit is publicly available. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions prior to 1.7.4 should be updated.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-4189

Produtos afetados

Undefined

PT-2026-25562 · Undefined · Undefined

CVE-2026-4189

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8