CVE-2019-1010248

2019-07-1817:59:39

dwf

www.cve.org

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1.

CNA Affected

[
  {
    "product": "I-doit",
    "vendor": "Synetics GmbH",
    "versions": [
      {
        "status": "affected",
        "version": "1.12 and earlier [fixed: 1.12.1]"
      }
    ]
  }
]

References

sourceforge.net/projects/i-doit/files/i-doit/1.12.1/CHANGELOG/download