cve/2021/CVE-2021-46426.md

CVE-2021-46426

Description

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.

POC

Reference

• http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Github

• https://github.com/20142995/nuclei-templates
• https://github.com/ARPSyndicate/cvemon
• https://github.com/cyb3r-w0lf/nuclei-template-collection
• https://github.com/incogbyte/incogbyte
• https://github.com/rodnt/rodnt
• https://github.com/unp4ck/unp4ck