209 matches found
CVE-2026-48190
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
CVE-2026-48190
CVE-2026-48190 describes incorrect permissions handling in the OTRS External Interface and the ConfigItem List module that allows an authenticated customer to query CI information. Affected products/versions include OTRS 7.0.x, 8.0.x, 2023.x–2026.x prior to 2026.4.x, with CMDB enabled and Customer...
CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
PT-2026-45262
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
CVE-2019-25582
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like...
CVE-2019-25581
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25582 i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like...
CVE-2019-25582
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like...
CVE-2019-25582
CVE-2019-25582 affects i-doit CMDB 1.12. An authenticated user can download arbitrary files by manipulating the file parameter in index.php with file_manager=image, e.g., requesting src/config.inc.php. This enables retrieval of configuration files and other sensitive system data. The vulnerabilit...
CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25581
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25581
CVE-2019-25581 affects i-doit CMDB 1.12 and is an SQL injection vulnerability in the objGroupID parameter. An unauthenticated attacker can send crafted GET requests to inject SQL, potentially exfiltrating sensitive database information such as usernames, database names, and version details. The v...
i-doit CMDB Code Issue Vulnerability
i-doit CMDB is a product of the German company i-doit. There is a code vulnerability in i-doit CMDB version 1.12. This vulnerability stems from the use of the file parameter, which allows arbitrary file downloads, potentially enabling authenticated attackers to download sensitive files...
PT-2026-26929
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
i-doit CMDB SQL Injection Vulnerability
i-doit CMDB is an enterprise-level IT documentation and configuration management database solution developed by the German company i-doit. Version 1.12 of i-doit CMDB contains a SQL injection vulnerability. This vulnerability stems from the objGroupID parameter, which allows for SQL injections,...
CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...
CVE-2020-37078
CVE-2020-37078 involves i-doit Open Source CMDB 1.14.1. The vulnerability is a file deletion flaw in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. An attacker can issue a crafted POST request to the import module (with...
i-doit Open Source CMDB Security Vulnerability
i-doit Open Source CMDB is a configuration management database system developed by the German company i-doit. Version 1.14.1 of i-doit Open Source CMDB contains a security vulnerability. This vulnerability stems from a file deletion vulnerability in the delete_import parameter of the import module...
CVE-2025-11884 Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText uCMDB allows Stored XSS. The vulnerability could allow an attacker who has high-level access to UCMDB to create or update data with malicious scripts. This issue affects uCMDB: 24.4...