
27 matches found

NVD
added 2026/03/21 4:16 p.m. · 3 views

CVE-2019-25582

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with filemanager=image and supply arbitrary file paths like...

7.1 CVSS · 0.0008 EPSS
Exploits 1 · References 4

Vulnrichment
added 2026/03/21 3:30 p.m. · 1 views

CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8 CVSS · 6.2 AI score · 0.00254 EPSS
Exploits 1 · References 4

Cvelist
added 2026/03/21 3:30 p.m. · 22 views

CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8 CVSS · 0.00254 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2026/03/21 3:30 p.m. · 3 views

CVE-2019-25581

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8 CVSS · 6.2 AI score · 0.00254 EPSS
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2026/03/21 12:0 a.m. · 3 views

i-doit CMDB SQL injection vulnerability

i-doit CMDB is an enterprise-level IT documentation and configuration management database solution developed by the German company i-doit. Version 1.12 of i-doit CMDB contains a SQL injection vulnerability. This vulnerability stems from the objGroupID parameter, which allows for SQL injections,...

8.8 CVSS · 6.1 AI score · 0.00254 EPSS
Exploits 1 · References 4

Vulnrichment
added 2026/02/03 10:1 p.m. · 1 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8 CVSS · 5.5 AI score · 0.00094 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-49393

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.0011 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-49394

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.0021 EPSS
Exploits 0 · References 1

NVD
added 2024/09/12 12:15 p.m. · 11 views

CVE-2024-8750

Cross-site Scripting XSS vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters id,lang,mNavID,name,pID,treeNode,type,view...

6.1 CVSS · 0.0021 EPSS
Exploits 0 · References 1

OSV
added 2024/09/12 12:15 p.m. · 1 views

CVE-2024-8750

Cross-site Scripting XSS vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters id,lang,mNavID,name,pID,treeNode,type,view...

6.1 CVSS · 5.8 AI score · 0.0021 EPSS
Exploits 0 · References 1

NVD
added 2024/09/12 12:15 p.m. · 14 views

CVE-2024-8749

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...

8.8 CVSS · 0.0011 EPSS
Exploits 0 · References 1

OSV
added 2024/09/12 12:15 p.m. · 0 views

CVE-2024-8749

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...

7.5 CVSS · 5.8 AI score · 0.0011 EPSS
Exploits 0 · References 1

Cvelist
added 2024/09/12 11:38 a.m. · 17 views

CVE-2024-8750 Cross-site Scripting vulnerability in Idoit pro

Cross-site Scripting XSS vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters id,lang,mNavID,name,pID,treeNode,type,view...

5.4 CVSS · 0.0021 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/09/12 11:38 a.m. · 14 views

CVE-2024-8750 Cross-site Scripting vulnerability in Idoit pro

Cross-site Scripting XSS vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters id,lang,mNavID,name,pID,treeNode,type,view...

5.4 CVSS · 5.7 AI score · 0.0021 EPSS
Exploits 0 · References 1

CVE
added 2024/09/12 11:38 a.m. · 44 views

CVE-2024-8750

CVE-2024-8750 concerns i-doit pro (version 28) with a Cross-site Scripting (XSS) flaw caused by insufficient sanitization of the parameters id, lang, mNavID, name, pID, treeNode, type, and view. Exploitation could allow an attacker to retrieve session details from an authenticated user. The publi...

6.1 CVSS · 5.3 AI score · 0.0021 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/09/12 11:36 a.m. · 14 views

CVE-2024-8749 SQL Injection vulnerability in Idoit pro

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...

8.8 CVSS · 7.3 AI score · 0.0011 EPSS
Exploits 0 · References 1

CVE
added 2024/09/12 11:36 a.m. · 76 views

CVE-2024-8749

Affects idoit pro v28. The SQL injection vulnerability resides in the API endpoint component isys_api_model_cmdb_objects_by_relation.class.php (ID parameter). Exploitation could allow an attacker to retrieve full database information. Based on the connected PT-2024-39224 entry, the issue can be e...

8.8 CVSS · 8.3 AI score · 0.0011 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/09/12 11:36 a.m. · 17 views

CVE-2024-8749 SQL Injection vulnerability in Idoit pro

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...

8.8 CVSS · 0.0011 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/09/12 12:0 a.m. · 2 views

PT-2024-39225 · Unknown · I-Doit Pro

Name of the Vulnerable Software and Affected Versions: idoit pro version 28 Description: A Cross-site Scripting XSS issue allows an attacker to retrieve session details of an authenticated user due to the lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID,...

6.1 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/09/12 12:0 a.m. · 2 views

PT-2024-39224 · Unknown · I-Doit Pro

Name of the Vulnerable Software and Affected Versions: idoit pro version 28 Description: The issue is a SQL injection vulnerability that could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys api model cmdb objects by...

8.8 CVSS · 7.2 AI score · 0.0011 EPSS
Exploits 0 · References 8