CWE-79 Vulnerability in PHPipam 1.3.2 and Earlier: Remote Code Execution via User Settings

CWE-79 Vulnerability in PHPipam 1.3.2 and Earlier: Remote Code Execution via User Settings

CVE-2018-1000870 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.

Learn more about our User Device Pen Test.