CVE-2024-10718

HIGH

Phpipam < 1.7.0 - Cleartext Transmission


Description

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.

Scores

CVSS v3 7.5
EPSS 0.0016
EPSS Percentile 36.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-319 CWE-614
Status published
Products (1)
phpipam/phpipam < 1.7.0
Published Mar 20, 2025
Tracked Since Feb 18, 2026