PT-2026-25562 · Undefined · Undefined

Rodtvs

Published

2026-03-15

Updated

2026-03-16

CVE-2026-4189

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpipam versions up to 1.7.4

Description A weakness exists in phpipam that could allow for SQL injection. The issue is located in an unknown function within the app/admin/sections/edit-result.php file of the Section Handler component. Manipulating the subnetOrdering argument can trigger the SQL injection. The attack can be launched remotely, and an exploit is publicly available. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions prior to 1.7.4 should be updated.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-4189

Affected Products

Undefined

PT-2026-25562 · Undefined · Undefined

CVE-2026-4189

Weakness Enumeration

Related Identifiers

Affected Products

References · 8