PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations.

Project Subscriptions

Vendors Products
Phpipam Subscribe
Phpipam Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 04 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Phpipam
Phpipam phpipam
Vendors & Products Phpipam
Phpipam phpipam

Sat, 04 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Description PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations.
Title PHPIPAM Authenticated LFI
Weaknesses CWE-98
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: PRJBLK

Published:

Updated: 2026-07-04T06:54:21.815Z

Reserved: 2026-06-14T07:01:15.150Z

Link: CVE-2026-12194

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-04T09:00:11Z

Weaknesses