Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-0678: Bugfix: Restrict find_full_subnets.php to CLI · phpipam/phpipam@1960bd2

Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.

CVE
Open in Source
#xss#vulnerability#git#php#auth#sap

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this user All GitHub

  • In this repository All GitHub

Sign in

Sign up

phpipam / phpipam Public

  • Notifications
  • Fork 656
  • Star 1.8k
  • Code
  • Issues 1.4k
  • Pull requests 37
  • Actions
  • Projects
  • Wiki
  • Security
  • Insights

More

Permalink

Browse files

Bugfix: Restrict find_full_subnets.php to CLI

find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line.

Reported by ovprophet

  • Loading branch information

GaryAllan committed

Feb 3, 2023

1 parent c3d33be commit 1960bd24e8a55796da066237cf11272c44bb1cc4

Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.

    • find_full_subnets.php
    • CHANGELOG

4 functions/scripts/find_full_subnets.php

Show comments View file

@@ -1,5 +1,8 @@

<?php

# script can only be run from cli

if(php_sapi_name()!="cli") { die(“This script can only be run from cli!”); }

# include required scripts

require_once( dirname(__FILE__) . ‘/…/functions.php’ );

@@ -40,4 +43,3 @@

// do something with output

print_r($out);

}

?>

1 misc/CHANGELOG

Show comments View file

@@ -7,6 +7,7 @@

Security Fixes:

----------------------------

+ XSS (reflected) in 'bw-calulator-result.php’;

+ Restrict find_full_subnets.php to CLI;

== 1.5.0

0 comments on commit 1960bd2

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE