17 matches found
EUVD-2024-49393
Malicious code in bioql PyPI...
EUVD-2024-49394
Malicious code in bioql PyPI...
CVE-2024-8750
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID, treeNode, type, view...
CVE-2024-8749
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the...
CVE-2024-8750 Cross-site Scripting vulnerability in Idoit pro
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID, treeNode, type, view...
CVE-2024-8750
CVE-2024-8750 concerns i-doit pro (version 28) with a Cross-site Scripting (XSS) flaw caused by insufficient sanitization of the parameters id, lang, mNavID, name, pID, treeNode, type, and view. Exploitation could allow an attacker to retrieve session details from an authenticated user. The publi...
CVE-2024-8749 SQL Injection vulnerability in Idoit pro
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the...
CVE-2024-8749
Affects idoit pro v28. The SQL injection vulnerability resides in the API endpoint component isys_api_model_cmdb_objects_by_relation.class.php (ID parameter). Exploitation could allow an attacker to retrieve full database information. Based on the connected PT-2024-39224 entry, the issue can be e...
PT-2024-39225 · Unknown · I-Doit Pro
Name of the Vulnerable Software and Affected Versions: idoit pro version 28. Description: A Cross-site Scripting (XSS) issue allows an attacker to retrieve session details of an authenticated user due to the lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID,...
PT-2024-39224 · Unknown · I-Doit Pro
Name of the Vulnerable Software and Affected Versions: idoit pro version 28 Description: The issue is a SQL injection vulnerability that could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys api model cmdb objects by...
CVE-2023-46003
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php...
CVE-2023-37739
i-doit Pro v25 and below was discovered to be vulnerable to path traversal...
PT-2023-26095 · Unknown · I-Doit Open +1
Name of the Vulnerable Software and Affected Versions: i-doit pro versions 25 and below I-doit open versions 25 and below Description: The software is configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and...