PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations.
CVSS
No CVSS.
References
Configurations
No configuration.
History
04 Jul 2026, 08:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-04 08:16
Updated : 2026-07-06 19:43
NVD link : CVE-2026-12194
Mitre link : CVE-2026-12194
CVE.ORG link : CVE-2026-12194
JSON object : View
Products Affected
No product.
CWE
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
