File Deletion Vulnerability in i-doit Open Source CMDB by i-doit
CVE-2020-37078

7.2HIGH

Key Information:

Vendor

I-doit Gmbh

Status
I-doit Open Source Cmdb
Vendor
CVE Published:
3 February 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2020-37078?

The i-doit Open Source CMDB version 1.14.1 is susceptible to a file deletion vulnerability within its import module. This security flaw permits authenticated attackers to exploit the 'delete_import' parameter, allowing them to send crafted POST requests to remove files from the server's filesystem arbitrarily. By manipulating the delete_import parameter with a specially designed filename, attackers can compromise the integrity of the server and disrupt services.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

i-doit Open Source CMDB 1.14.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-37078 - Proof of Concept

References

https://www.exploit-db.com/exploits/48427
exploit
https://www.i-doit.org/
product
https://sourceforge.net/projects/i-doit/
product

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Besim ALTINOK
JSON
.