Description

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.

INFO

Published Date :

2024-11-15T10:57:05.410Z

Last Modified :

2024-11-15T19:09:48.262Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-0787 vulnerability.

Vendors Products
Phpipam
  • Phpipam
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-0787.

URL Resource
https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5 cve-icon cve-icon
https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact