CVE-2019-25581

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

CVE-2019-25582 i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with filemanager=image and supply arbitrary file paths like...

CVE-2019-25582

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with filemanager=image and supply arbitrary file paths like...

CVE-2019-25582

CVE-2019-25582 affects i-doit CMDB 1.12. An authenticated user can download arbitrary files by manipulating the file parameter in index.php with file_manager=image, e.g., requesting src/config.inc.php. This enables retrieval of configuration files and other sensitive system data. The vulnerabilit...

i-doit CMDB 代码问题漏洞

i-doit CMDB is a product of the German company i-doit. There is a code vulnerability in i-doit CMDB version 1.12. This vulnerability stems from the use of the file parameter, which allows arbitrary file downloads, potentially enabling authenticated attackers to download sensitive files...

PT-2026-26929

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

CVE-2020-37078

CVE-2020-37078 involves i-doit Open Source CMDB 1.14.1. The vulnerability is a file deletion flaw in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. An attacker can issue a crafted POST request to the import module (with...

i-doit Open Source CMDB 安全漏洞

i-doit Open Source CMDB is a configuration management database system developed by the German company i-doit. Version 1.14.1 of i-doit Open Source CMDB contains a security vulnerability. This vulnerability stems from a file deletion vulnerability in the deleteimport parameter of the import module...

i-doit CMDB <= 1.14.2 Multiple Vulnerabilities

i-doit CMDB is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

i-doit CMDB SQL Injection Vulnerability

i-doIT is a CMDB Configuration Management Database based on ITIL technology. An SQL injection vulnerability exists in i-doit CMDB. An attacker can exploit the vulnerability to obtain sensitive database information...

i-doit CMDB 1.12 SQL Injection

Exploit Title: i-doit CMDB 1.12 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category: Webapps Tested on:...

i-doit CMDB Detection

Detection of i-doit CMDB. The script sends a connection request to the server and attempts to detect i-doit CMDB and to extract its version. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

i-doit CMDB 1.12 - Arbitrary File Download

i-doit CMDB 1.12 - Arbitrary File Download Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip...

i-doit CMDB 1.12 - Arbitrary File Download

Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category: Webapps Tested on:...

i-doit CMDB 1.11.2 - Remote Code Execution

i-doit CMDB 1.11.2 - Remote Code Execution Exploit Title: i-doit CMDB 1.11.2 - Remote Code Execution Date: 2018-12-05 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.i-doit.org/ Software Link: https://www.i-doit.org/i-doit-open-1-11-2/ Versio...

i-doit CMDB 1.11.2 Remote Code Execution

Exploit Title: i-doit CMDB 1.11.2 - Remote Code Execution Date: 2018-12-05 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.i-doit.org/ Software Link: https://www.i-doit.org/i-doit-open-1-11-2/ Version: v1.11.2 Category: Webapps Tested on: XAM...