CVE-2019-25581 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code thro…
High CVSS: 8.8

CVE-2019-25581

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.
Vendor
I-doit
Product
I-doit
CWE
CWE-89
Yayın Tarihi
2026-03-21 16:16:02
Güncelleme
2026-03-24 20:38:26
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-89 I-doit HIGH I-doit 2026

Referanslar

https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip https://www.exploit-db.com/exploits/46134 https://www.i-doit.org/ https://www.vulncheck.com/advisories/i-doit-cmdb-sql-injection-via-objgroupid-parameter