CVE-2026-4189 | phpipam up to 1.7.4 Section edit-result.php subnetOrdering sql injection

A vulnerability, which was classified as critical, was found in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection.

The identification of this vulnerability is CVE-2026-4189. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4189 | phpipam up to 1.7.4 Section edit-result.php subnetOrdering sql injection

Post correlati

CVE-2023-51665 | advplyr audiobookshelf up to 2.6.x Auth.js server-side request forgery

CVE-2024-21648 | XWiki xwiki-platform/xwiki-platform-oldcore Rollback Action insufficient privileges

CVE-2025-47737 | Geal trailer Crate up to 0.1.2 on Rust lib.rs mismatched memory management routines

CVE-2025-15167 | itsourcecode Online Cake Ordering System 1.0 /detailtransac.php ID sql injection