CVE-2018-1000870

Name of the Vulnerable Software and Affected Versions: PHPipam versions 1.3.2 and earlier

Description: The issue concerns a CWE-79 vulnerability in the /app/admin/users/print-user.php file, which can lead to code execution in the victim's browser. This can be exploited by an attacker changing the theme parameter in user settings. The attack occurs when an admin views a user in the admin panel and gets exploited. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: For PHPipam versions 1.3.2 and earlier, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /app/admin/users/print-user.php file and avoid using the theme parameter in user settings until the issue is resolved.