CVE-2020-7988

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.4

Description An issue was discovered in tools/pass-change/result.php, allowing CSRF to be used to change the password of any user or admin, escalate privileges, and gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password and the lack of security tokens.

Recommendations For phpIPAM version 1.4, consider implementing security tokens and requiring the old password to be provided when changing passwords as a temporary workaround until a patch is available. Restrict access to the tools/pass-change/result.php file to minimize the risk of exploitation.