HIGH🇵🇱 Wersja polska

CVE-2019-25581

CVSS 8.8v4.0pub. 2026-03-21upd. 2026-03-24

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • I Doit

    APP
    I-Doit
    1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2023-37755CRITICAL9.8ten sam produkt

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator creden...

CVE-2023-37756CRITICAL9.8ten sam produkt

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator accou...

CVE-2019-1010248CRITICAL9.8ten sam produkt

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql data...

CVE-2019-25582HIGH7.1ten sam produkt

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to down...

CVE-2024-8749HIGH8.8ten sam produkt

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a spec...