{"id":"CVE-2018-1000869","details":"phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.","modified":"2026-04-10T04:03:34.011966Z","published":"2018-12-20T17:29:00.737Z","references":[{"type":"FIX","url":"https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d"},{"type":"EVIDENCE","url":"https://github.com/phpipam/phpipam/issues/2344"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpipam/phpipam","events":[{"introduced":"0"},{"last_affected":"d22e50224ad89ec31c329576a25ba6ec64903857"},{"fixed":"856b10ca85a24c04ed8651f4e13f867ec78a353d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.2"}]}}],"versions":["v1.16.003","v1.19.008","v1.2.0_beta2","v1.3.0","v1.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000869.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}