HIGH🇬🇧 English

CVE-2019-25582

CVSS 7.1v4.0pub. 2026-03-21upd. 2026-03-24

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc.php to retrieve configuration files and sensitive system data.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • I Doit

    APP
    I-Doit
    1.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-37755CRITICAL9.8ten sam produkt

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator creden...

CVE-2023-37756CRITICAL9.8ten sam produkt

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator accou...

CVE-2019-1010248CRITICAL9.8ten sam produkt

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql data...

CVE-2019-25581HIGH8.8ten sam produkt

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbi...

CVE-2024-8749HIGH8.8ten sam produkt

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a spec...