2019-09-22 17:15:13 2019-10-02 01:15:11

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.