SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HI Doit
APPI-Doit28
Related vulnerabilities
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator accou...
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator creden...
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql data...
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to down...
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbi...