CVE-2024-8749

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.
Configurations

Configuration 1

cpe:2.3:a:i-doit:i-doit:28:*:*:*:pro:*:*:*

History

18 Sep 2024, 18:53

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:i-doit:i-doit:28:*:*:*:pro:*:*:*
CVSS | v2 : unknown, v3 : 8.8 | v2 : unknown, v3 : 7.5
First Time | | I-doit i-doit; I-doit
References | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-synetics-idoit-pro | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-synetics-idoit-pro - Third Party Advisory
Summary | | (es) SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.

12 Sep 2024, 12:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-09-12 12:15

Updated : 2024-09-18 18:53


NVD link : CVE-2024-8749

Mitre link : CVE-2024-8749

CVE.ORG link : CVE-2024-8749


Products Affected

i-doit

  • i-doit
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')