SQL Injection Vulnerability in Idiot Pro Version 28 Could Leak Sensitive Data

CVE-2024-8749

7.5HIGH

Key Information

Vendor
Synetics
Status
Idoit Pro
Vendor
CVE Published:
12 September 2024

Summary

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.

Affected Version(s)

Idoit pro = 28

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Adriá Bonilla Martin
Héctor de armas
.