CVE-2024-41355 in phpipam
Summary
by MITRE • 07/26/2024
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/13/2026
The vulnerability identified as CVE-2024-41355 affects phpipam version 1.6 and represents a critical cross site scripting flaw that resides within the application's request-ip tool component. This vulnerability specifically manifests in the /app/tools/request-ip/index.php file, making it accessible to attackers who can manipulate input parameters to inject malicious scripts into the web application's response. The phpipam platform serves as an IP address management system that facilitates network infrastructure planning and management, making it a valuable target for attackers seeking to compromise network security operations. The vulnerability enables malicious actors to execute arbitrary JavaScript code in the context of a victim's browser session, potentially leading to unauthorized access to sensitive network information or complete compromise of the affected system.
The technical implementation of this XSS vulnerability stems from insufficient input validation and output sanitization within the request-ip functionality. When users submit IP address requests through the web interface, the application fails to properly sanitize user-supplied data before rendering it back to the browser. This allows attackers to inject malicious payloads that can be executed in the context of other users' sessions, particularly those with administrative privileges. The vulnerability falls under CWE-79 which categorizes cross site scripting flaws as a result of inadequate input validation and output encoding. Attackers can exploit this weakness by crafting malicious input strings containing script tags or other JavaScript payloads that get executed when the affected page renders the user input without proper sanitization. The attack vector is particularly concerning because it targets a core functionality of the IPAM system that network administrators frequently use for managing IP address allocations and requests.
The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to perform session hijacking, steal administrative credentials, or manipulate network configurations through the compromised phpipam interface. Network administrators who rely on phpipam for critical infrastructure management face significant risk, as successful exploitation could allow attackers to gain unauthorized access to IP address databases, subnet information, and other sensitive network planning data. The vulnerability also provides a potential entry point for attackers to escalate privileges within the network infrastructure management system, potentially leading to broader security breaches. According to ATT&CK framework, this vulnerability maps to T1566 (Phishing) and T1071.1003 (Application Layer Protocol: DNS) as attackers can use the XSS to redirect users to malicious sites or manipulate DNS-related network configurations. The impact is particularly severe for organizations that depend on phpipam for critical network operations, as the compromise of this system could disrupt network planning processes and provide attackers with detailed insights into network architecture.
Mitigation strategies for CVE-2024-41355 should prioritize immediate patching of the phpipam application to version 1.6 or later where the vulnerability has been addressed. Organizations should implement proper input validation and output encoding measures to prevent similar vulnerabilities in other components of their network infrastructure management systems. Web application firewalls should be configured to detect and block suspicious script injection attempts, while security monitoring systems should be enhanced to detect anomalous user behavior patterns that might indicate exploitation attempts. Network administrators should also consider implementing additional access controls and session management measures to limit the potential damage from successful XSS attacks. The vulnerability serves as a reminder of the critical importance of maintaining up-to-date security patches and implementing robust input sanitization practices across all web applications, particularly those managing sensitive network infrastructure data. Regular security assessments and penetration testing should be conducted to identify and remediate similar vulnerabilities before they can be exploited by malicious actors in the wild.