{"id":"CVE-2022-23046","details":"PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the \"subnet\" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php","modified":"2026-04-10T04:44:38.578228Z","published":"2022-01-19T21:15:09.120Z","references":[{"type":"ADVISORY","url":"https://github.com/phpipam/phpipam/releases/tag/v1.4.5"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html"},{"type":"EVIDENCE","url":"https://fluidattacks.com/advisories/mercury/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpipam/phpipam","events":[{"introduced":"0"},{"last_affected":"a14bc06ed6412be21b36f30a2139945c4fb792fe"},{"fixed":"e3d78a3c1e5b86e18bef86c65ab4f1976e294371"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.4"}]}}],"versions":["v1.16.003","v1.19.008","v1.2.0_beta2","v1.3.0","v1.3.2","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23046.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}