CVE-2022-1223: Improper Access Control in phpipam

Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.


Description

In phpIPAM 1.4.5, a normal user with the role of User could download or export IP subnets that may contain sensitive information such as IP address, IP state, MAC, owner, hostname and device via the export-subnet.php endpoint. The bug is that export-subnet.php should verify that the user has at least read permission on the subnet being exported, and it does not.

Proof of Concept

Tested version: phpIPAM 1.4.5

Parameter: subnetId

Steps to reproduce:

1. Log in as a user with the role of User.

2. Go to http://{HOST}/app/subnets/addresses/export-subnet.php?subnetId=1&ip_addr=on&state=on&description=on&hostname=on&firewallAddressObject=on&mac=on&owner=on&switch=on&port=on&note=on&location=on&filename=phpipam_subnet_export.xls

3. Any related subnet data can be exported by changing the subnetId parameter value to any running number such as 1, 2, 3 and so forth.

Impact

This vulnerability results in improper access control and exposure of sensitive data belonging to related parties.
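A detection heuristic for the access pattern in step 3, as an added example (not part of the original advisory or phpIPAM's code): it scans web-server access logs for one client successfully exporting several distinct subnetId values. The combined log format, grouping by client IP, the threshold of 3 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Apr/2022:10:00:01 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=1&mac=on HTTP/1.1" 200 5120
10.0.0.5 - - [01/Apr/2022:10:00:02 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=2&mac=on HTTP/1.1" 200 4096
10.0.0.5 - - [01/Apr/2022:10:00:03 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=3&mac=on HTTP/1.1" 200 6144
10.0.0.5 - - [01/Apr/2022:10:00:04 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=4&mac=on HTTP/1.1" 200 2048
10.0.0.8 - - [01/Apr/2022:10:05:00 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=7&mac=on HTTP/1.1" 200 3072
10.0.0.8 - - [01/Apr/2022:10:06:00 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=7&mac=on HTTP/1.1" 200 3072
10.0.0.9 - - [01/Apr/2022:10:07:00 +0000] "GET /app/subnets/addresses/export-subnet.php?subnetId=5 HTTP/1.1" 403 128
10.0.0.9 - - [01/Apr/2022:10:08:00 +0000] "GET /index.php?page=dashboard HTTP/1.1" 200 900
"""

# client, request target and status from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
EXPORT_PATH = "/app/subnets/addresses/export-subnet.php"

def export_requests(log_text):
    """Yield (client, subnet_id) for each successful (HTTP 200) export request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, target, status = m.groups()
        url = urlsplit(target)
        # endswith() tolerates phpIPAM being installed under a sub-directory
        if status != "200" or not url.path.endswith(EXPORT_PATH):
            continue
        for value in parse_qs(url.query).get("subnetId", []):
            if value.isdigit():
                yield client, int(value)

def flag_enumeration(log_text, threshold=3):
    """Return {client: sorted subnet ids} for clients that exported at
    least `threshold` distinct subnets (threshold is an assumed value)."""
    seen = defaultdict(set)
    for client, subnet_id in export_requests(log_text):
        seen[client].add(subnet_id)
    return {c: sorted(ids) for c, ids in seen.items() if len(ids) >= threshold}

if __name__ == "__main__":
    for client, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client} exported subnets {ids}")
```

A flagged client is a lead for review, not proof of abuse: an administrator exporting many subnets produces the same pattern, so compare the hits against each account's subnet permissions.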
