CVE-2022-41443 : phpipam v1.5.0 was discovered to contain a header injection vulnerability via th

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.

Published 2022-10-03 16:15:14

Updated 2022-10-05 14:15:00

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-41443

Phpipam » Phpipam » Version: 1.5.0
cpe:2.3:a:phpipam:phpipam:1.5.0:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.48%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Assigned by: nvd@nist.gov (Primary)

https://gist.github.com/enferas/7acd9636cc221bbf61d51425ab91ef01

Header injection (SSRF) vulnerability in phpipam · GitHub
Exploit;Third Party Advisory

Jump to