CVE-2024-10718

HIGH

phpipam < 1.7.0 - Cleartext Transmission of Sensitive Information via Cookie Secure Attribute

Description

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.
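A defender can confirm the condition described above by inspecting the `Set-Cookie` headers of responses captured over HTTPS and listing every cookie issued without the `Secure` attribute. The following is an added example, not phpipam code; the function names and the sample header values are constructed for illustration.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = header.split(";")
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are case-insensitive (RFC 6265).
            attrs[key.lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(set_cookie_headers):
    """Return the names of cookies whose attribute list lacks Secure."""
    missing = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: Set-Cookie values as they might appear in responses
# served over HTTPS. Cookie names and values are made up.
SAMPLE_HEADERS = [
    "session_id=0123abcd; path=/; HttpOnly",          # Secure absent
    "prefs=50; Path=/; secure; SameSite=Lax",         # lowercase attribute still counts
    "mode=Secure; Path=/",                            # "Secure" is the value, not an attribute
    "token=a=b=c; Path=/; HttpOnly; Secure",          # '=' inside the value
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {cookie_name!r} is set without the Secure attribute")
```

Parsing the attribute list, rather than searching the header for the substring "secure", avoids a false negative on cookies such as `mode=Secure`.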

Scores

CVSS v3 7.5
EPSS 0.0029
EPSS Percentile 20.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-319 CWE-614
Status published
Products (1)
phpipam/phpipam < 1.7.0
Published Mar 20, 2025
Tracked Since Feb 18, 2026