PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations.
Metrics
Affected Vendors & Products
References
History
Sat, 04 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Phpipam
Phpipam phpipam |
|
| Vendors & Products |
Phpipam
Phpipam phpipam |
Sat, 04 Jul 2026 07:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations. | |
| Title | PHPIPAM Authenticated LFI | |
| Weaknesses | CWE-98 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: PRJBLK
Published:
Updated: 2026-07-04T06:54:21.815Z
Reserved: 2026-06-14T07:01:15.150Z
Link: CVE-2026-12194
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-04T09:00:11Z