SQL Injection Vulnerability in i-doit Pro Version 28 Could Leak Sensitive Data
CVE-2024-8749

7.5 HIGH

Key Information:

Vendor: Synetics
Product: i-doit Pro
CVE Published: 12 September 2024

Summary

A SQL injection vulnerability is present in i-doit Pro version 28. This issue arises when an attacker sends specially crafted queries to the ID parameter located in the isys_api_model_cmdb_objects_by_relation.class.php file. Exploiting this flaw can enable an attacker to access and retrieve sensitive information stored in the database, potentially compromising the integrity and confidentiality of the data. It is crucial for organizations using this platform to implement effective security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

i-doit Pro 28

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adriá Bonilla Martin
Héctor de Armas