CVE-2022-23046

HIGH LAB

phpipam 1.4.4 - Authenticated SQL Injection via Subnet Parameter


Exploitation Summary

EIP tracks 6 public exploits for CVE-2022-23046. PoCs published by Rodolfo Tavares, incogbyte, dnr6419.

AI-analyzed exploit summary

This exploit demonstrates an authenticated SQL injection vulnerability in PHPIPAM 1.4.4. It authenticates with provided credentials, retrieves a session cookie, and then injects a malicious SQL query to dump user emails, passwords, and 2FA statuses.

Description

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL statements through the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php.

Exploits (6)

exploitdb WORKING POC
by Rodolfo Tavares · python · webapps · php
https://www.exploit-db.com/exploits/50684

This exploit demonstrates an authenticated SQL injection vulnerability in PHPIPAM 1.4.4. It authenticates with provided credentials, retrieves a session cookie, and then injects a malicious SQL query to dump user emails, passwords, and 2FA statuses.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: PHPIPAM 1.4.4
Auth required
Prerequisites: Valid credentials for PHPIPAM · Network access to the target application
devstral-2 · analyzed Feb 16, 2026
github WORKING POC 4 stars
by incogbyte · python · poc
https://github.com/incogbyte/cves_exploits/tree/main/CVE-2022-23046

This repository contains a functional Python exploit for CVE-2022-23046, an authenticated SQL injection vulnerability in PHPIPAM 1.4.4. The exploit authenticates with provided credentials, retrieves a session token, and executes a crafted SQL query to dump user credentials.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: PHPIPAM 1.4.4
Auth required
Prerequisites: valid admin credentials · target URL
devstral-2 · analyzed Apr 29, 2026
nomisec WORKING POC 4 stars
by dnr6419 · poc
https://github.com/dnr6419/CVE-2022-23046

This is a functional PoC for CVE-2022-23046, an SQL injection vulnerability in phpIPAM v1.4.4. It automates the exploitation of the vulnerability in the 'subnet' parameter of the BGP mapping search functionality, allowing authenticated admin users to extract sensitive information from the database.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: phpIPAM v1.4.4
Auth required
Prerequisites: Authenticated admin access to phpIPAM · Network access to the phpIPAM instance
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by bernauers · poc
https://github.com/bernauers/CVE-2022-23046

This PoC exploits an authenticated SQL injection vulnerability in PHPIPAM 1.4.4 (CVE-2022-23046) to write a malicious PHP file to the target system. The exploit logs in with provided credentials, then injects a SQL payload to create a web shell.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: PHPIPAM 1.4.4
Auth required
Prerequisites: Valid credentials for PHPIPAM · Network access to the target
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by jcarabantes · poc
https://github.com/jcarabantes/CVE-2022-23046

This PoC automates SQL injection attacks against phpIPAM's edit-bgp-mapping-search.php endpoint, allowing authenticated admin users to extract sensitive information such as server details, SMTP settings, user hashes, and database schemas.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: phpIPAM v1.4.4 and earlier
Auth required
Prerequisites: Authenticated admin access to phpIPAM · Network access to the target phpIPAM instance
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by hadrian3689 · poc
https://github.com/hadrian3689/phpipam_1.4.4

This PoC demonstrates an authenticated SQL injection vulnerability in phpIPAM 1.4.4, allowing database enumeration, file read, and file write operations via the subnet parameter in edit-bgp-mapping-search.php.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: phpIPAM 1.4.4
Auth required
Prerequisites: Authenticated admin access to phpIPAM · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References (3)

Exploit, Third Party Advisory: https://fluidattacks.com/advisories/mercury/
Release Notes, Third Party Advisory: https://github.com/phpipam/phpipam/releases/tag/v1.4.5
Exploit, Third Party Advisory, VDB Entry: http://packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html

Scores

CVSS v3 7.2
EPSS 0.2524
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull phpipam/phpipam-www:v1.4.3
docker pull phpipam/phpipam-cron:latest

Details

CWE
CWE-89
Status published
Products (1)
phpipam/phpipam 1.4.4
Published Jan 19, 2022
Tracked Since Feb 18, 2026