CVE-2019-16692 in phpipam
Summary
by MITRE
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 09/08/2025
The vulnerability CVE-2019-16692 represents a critical SQL injection flaw within phpIPAM version 1.4, a widely used IP address management solution that serves as a centralized database for network infrastructure planning and management. This vulnerability specifically affects the custom fields functionality within the application's administrative interface, where the filter-result.php script processes user input without adequate sanitization or validation. The flaw manifests when an attacker manipulates the table parameter through the action=add endpoint, enabling malicious SQL commands to be executed against the underlying database system. This vulnerability directly violates the principle of least privilege and demonstrates a fundamental failure in input validation and parameterized query construction.
The technical exploitation of this vulnerability occurs through the manipulation of the table parameter in the filter-result.php script when the action parameter is set to add. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, creating an environment where attacker-controlled data can be interpreted as part of the SQL command structure rather than as literal data. This vulnerability maps to CWE-89, which specifically addresses SQL injection flaws where untrusted data is incorporated into SQL commands without proper escaping or parameterization. The attack vector is particularly dangerous because it targets the administrative interface, which typically operates with elevated privileges and can access sensitive network infrastructure data. The vulnerability also aligns with ATT&CK technique T1071.004, which covers application layer protocol manipulation, specifically targeting database communication protocols through malformed input.
The operational impact of this vulnerability is severe and multifaceted, as it allows attackers to execute arbitrary SQL commands against the phpIPAM database with the privileges of the database user. Successful exploitation could result in complete database compromise, including data exfiltration, data modification, or even database destruction. Network administrators managing critical IP address information through phpIPAM would face potential exposure of sensitive network planning data, subnet configurations, and device mappings that could be leveraged for further network reconnaissance and lateral movement attacks. The vulnerability's impact extends beyond immediate data compromise, as it could enable attackers to establish persistent access points within the network infrastructure management system, potentially providing a foothold for broader network infiltration. Organizations relying on phpIPAM for critical network operations would experience significant operational disruption and security risk escalation.
Mitigation strategies for this vulnerability should begin with immediate patching of phpIPAM to version 1.4.1 or later, which includes proper input validation and parameterized query implementation to prevent SQL injection. Network administrators should implement input validation at multiple layers, including web application firewalls and database-level access controls, to provide defense-in-depth protection. The implementation of principle of least privilege should be enforced for database connections, limiting the privileges of the phpIPAM database user to only necessary operations. Additional security measures include enabling detailed logging of database queries and access patterns to detect anomalous behavior, implementing regular security assessments of the web application, and conducting thorough input validation testing. Organizations should also consider implementing database activity monitoring solutions to detect and alert on potential SQL injection attempts, as well as establishing regular vulnerability scanning procedures to identify similar issues in other network management tools and applications.