CVE-2023-41580

Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.

Configurations

Configuration 1

cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*

History

06 Oct 2023, 15:28

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:* |
| First Time | | Phpipam phpipam; Phpipam |
| CWE | | CWE-74 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5 |
| References | (MISC) https://github.com/ehtec/phpipam-exploit - | (MISC) https://github.com/ehtec/phpipam-exploit - Exploit, Third Party Advisory |
| References | (MISC) https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5 - | (MISC) https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5 - Patch |

02 Oct 2023, 13:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2023-10-02 13:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-41580

Mitre link : CVE-2023-41580

CVE.ORG link : CVE-2023-41580



Products Affected

phpipam

  • phpipam

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')