CVE-2023-0678 — AI Deep Analysis Summary

🚨 **Essence**: phpIPAM < 1.5.1 has an **Authorization Bypass** flaw. 📉 **Consequences**: Attackers can download sensitive subnet data (descriptions, IP ranges, usage rates) without logging in.…

🛡️ **Root Cause**: **CWE-862** (Missing Authorization). The `find_full_subnets.php` endpoint fails to verify if the user is authorized.…

🎯 **Affected**: **phpIPAM** versions **prior to 1.5.1**. 📦 **Component**: The `find_full_subnets.php` script within the phpIPAM application. If you are running an older version, you are at risk!

💀 **Attacker Actions**: Unauthenticated users can access **high-usage IP subnet lists**. 📂 **Data Exposed**: Subnet descriptions, specific IP ranges, and usage rates.…

⚡ **Exploitation Threshold**: **LOW**. No authentication required! 🚪 No config tweaks needed. Just a simple HTTP request to the vulnerable endpoint is enough to trigger the data leak. Super easy for attackers.

🔓 **Public Exploit**: **YES**. A PoC is available via **Nuclei templates** (projectdiscovery). 🌐 Wild exploitation is possible since the logic flaw is straightforward and documented. Don't wait!

🔍 **Self-Check**: Scan for the endpoint `find_full_subnets.php`. 🧪 Use Nuclei with the CVE-2023-0678 template. If you get a response with subnet data without being logged in, you are vulnerable! 🚨

✅ **Official Fix**: **YES**. Fixed in **phpIPAM 1.5.1**. 🛠️ The vendor patched the authorization check in the commit `1960bd24e8a55796da066237cf11272c44bb1cc4`. Upgrade immediately!

🚧 **No Patch?**: Block access to `find_full_subnets.php` via WAF or firewall rules. 🛑 Restrict access to the phpIPAM interface to trusted IPs only. Deny unauthenticated requests to this specific PHP file.

🔥 **Urgency**: **HIGH**. Critical data leak with **zero-auth** exploitation. 🏃‍♂️ Patch to v1.5.1+ ASAP. Your internal IP schema is valuable intel for attackers. Don't leave the door open!