PT-2026-26930 · Unknown · I-Doit Cmdb
Ihsan Sencan · Published 2026-03-21 · Updated 2026-03-21 · CVE-2019-25582
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
i-doit CMDB version 1.12
Description
The software contains a flaw that allows authenticated attackers to download sensitive files. This is possible by manipulating the file parameter in the 'index.php' file. Attackers can send GET requests to 'index.php' with file manager=image and provide arbitrary file paths, such as src/config.inc.php, to retrieve configuration files and sensitive system data.
Recommendations
Apply updates to address the issue in i-doit CMDB version 1.12.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
I-Doit Cmdb