PT-2019-5828 · Phpipam+1 · Phpipam+1

Georgeo

Published

2016-12-29

Updated

2019-09-23

CVE-2019-16694

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.4

Description The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/edit-result.php component of the phpIPAM web application. This can be exploited by a remote attacker to execute arbitrary SQL queries.

Recommendations For phpIPAM version 1.4, consider restricting access to the app/admin/custom-fields/edit-result.php component until a patch is available, and avoid using the table parameter with action=add to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALT-PU-2016-2512

BDU:2021-03203

CVE-2019-16694

Affected Products

Alt Linux

Phpipam

PT-2019-5828 · Phpipam+1 · Phpipam+1

CVE-2019-16694

Weakness Enumeration

Related Identifiers

Affected Products

References · 4