CVE-2023-0678 HIGH

CVE-2023-0678: Missing Authorization in phpipam/phpipam

Vendor Phpipam
Product phpipam/phpipam
Weakness CWE-862 · Missing authorization
Published February 4, 2023
Last update March 26, 2025
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.

Key dates

02Disclosure timeline

February 4, 2023 CVE published
March 26, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-2732 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace CVE-2025-66141 WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability CVE-2026-4117 CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action CVE-2022-4950 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation CVE-2024-30515 WordPress Events Manager plugin <= 6.4.6.4 - Broken Access Control vulnerability