PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the “subnet” parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php. Build git clone https://github.com/dnr6419/CVE-2022-23046.git cd CVE-2022-23046 && docker-compose up -d pip3(or pip) install -r requirements.txt python3(or python) CVE-2022-23046.py -h Setup2-1. Go to the http://[YOUR_IP] and Choose [New phpipam installation]. 2-2. Choose [Automatic database installation]. 2-3. MySQL username & Password is “root”/”my_secret_mysql_root_pass”. 2-4. Setting the Password and Login to check the installation is complete.