CVE-2026-4189
**Name of the Vulnerable Software and Affected Versions**
phpipam versions up to 1.7.4
**Description**
A weakness exists in phpipam that could allow for SQL injection. The issue is located in an unknown function within the `app/admin/sections/edit-result.php` file of the Section Handler component. Manipulating the `subnetOrdering` argument can trigger the SQL injection. The attack can be launched remotely, and an exploit is publicly available. The vendor was contacted regarding this issue but did not respond.
**Recommendations**
Versions prior to 1.7.4 should be updated.