
phpIPAM

Configuration Management

Open‑source web IP address management (IPAM) application

PHP · Latest v1.8.1 · 1mo ago

Features

  • Web‑based IP address tracking and allocation
  • Ajax interface using jQuery, PHP scripts, HTML5/CSS3
  • RESTful API for integration

Recent releases

v1.8.1 Bugfix

Minor fixes and improvements.

Full changelog

Bugfixes:
----------------------------
+ PHP8 compatibility fixes;
+ Rack SVG image errors (#4595);

v1.8.0 Breaking risk
Security fixes
  • Authenticated RCE via ping_path parameter
  • XSS in HTTP_X_FORWARDED_PORT, install scripts, DHCP hostname, IP instructions, and password vault
  • SQL injection via subnetOrdering
Notable features
  • Device search functionality
  • Subrack support for nested racks
  • API locking methods (file and MySQL)
Full changelog

Bugfixes:
----------------------------
+ PHP8 compatibility fixes;
+ Fixed passkeys upgrade queries;
+ MySQL no active transaction error during upgrades (#4319);
+ $config['disable_main_login_form'] shows blank page (#4317);
+ Unable to clear custom fields (#4313);
+ Modified the text shortening of subnet descriptions (#4279, #4280);
+ Slow UI performance with bootstrap v3.4.1 (#4311);
+ Workaround PHP bug GH-16870 (#4339);
+ Request new IP hangs (#4346);
+ Fixed required fields validation (#4328);
+ Can not empty address fields (#4322);
+ Rack module allows devices to exceed rack boundaries (#4423);
+ Rack dropdown providing option that is impossible (#4409);
+ API call to PATCH vlan fails with "Vlan name is required" (#1356);
+ Invalid content type when using API (#4168);
+ Deletion of Default L2domain permitted through API (#4419);
+ Empty POST to Devices API Controller produces a blank device (#4307);
+ jQuery error when adding an IP address range (#4350);
+ Request new IP hangs (#4346);

Enhancements, changes:
----------------------------
+ Don't update PowerDNS `change_date` removed in v2.1.9;
+ Added Isle of Man postcodes (#4318);
+ Adds search functionality for Devices (#4406);
+ Added `lastSeen` to IP Address export (#2433);
+ User and Edit IP instructions now use Markdown;
+ Make Rack Devices Clickable from picture (#2372);
+ Setting to enable/disable devices overlapping in racks (#4424);
+ Colorization of rack devices; devices can be deep (front & back) of a rack (#4431);
+ Organize racks in a location using rows or rooms (#4433);
+ Support for embedding a rack into a rack, "Subrack" (#3069, #1552, #1623);
+ Added API locking methods (File, MySQL);

Security Fixes:
----------------------------
+ XSS - reflected via HTTP_X_FORWARDED_PORT;
+ XSS - Reflected in install scripts;
+ XSS - via unescaped DHCP Kea hostname;
+ XSS - Unsafe HTML allowed in Request IP Instructions;
+ XSS - Unsafe HTML allowed in Password vault;
+ Local exposure of DB credentials via mysqldump;
+ Added CSRF cookie for clear-changelog and clear-log;
+ Added CSRF cookie for data exports;
+ RCE - Authenticated remote code execution via ping_path;
+ SQL injection via subnetOrdering;
+ Missing admin authorization checks;
+ Missing module authorization checks;

Translations:
----------------------------
+ Updated Russian translation (#4489);

v1.7.4 Security relevant
Security fixes
  • CSRF protection added for clear-changelog and clear-log actions
  • XSS reflected in install scripts
  • XSS unsafe HTML in Request IP Instructions

About

Stars: 2,734
Forks: 791
Languages: PHP, JavaScript, CSS

Install & Platforms

Install via: docker
