SQL Injection Vulnerability in Idiot Pro Version 28 Could Leak Sensitive Data
CVE-2024-8749
7.5HIGH
Key Information
- Vendor
- Synetics
- Status
- Idoit Pro
- Vendor
- CVE Published:
- 12 September 2024
Summary
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.
Affected Version(s)
Idoit pro = 28
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Adriá Bonilla Martin
Héctor de armas