SQL Injection Vulnerability in Idiot Pro Version 28 Could Leak Sensitive Data
CVE-2024-8749

7.5HIGH

Key Information:

Vendor: Synetics
Status: Idoit Pro
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-8749?

A SQL injection vulnerability is present in i-doit Pro version 28. This issue arises when an attacker sends specially crafted queries to the ID parameter located in the isys_api_model_cmdb_objects_by_relation.class.php file. Exploiting this flaw can enable an attacker to access and retrieve sensitive information stored in the database, potentially compromising the integrity and confidentiality of the data. It is crucial for organizations using this platform to implement effective security measures to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Idoit pro 28

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2024
Vulnerability Reserved
Sep 12, 2024

Credit

Adriá Bonilla Martin

Héctor de armas

JSON

Synetics

What is CVE-2024-8749?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.