PT-2023-6470 · Unknown · I-Doit Pro+1

Published: 2023-09-10 · Updated: 2023-09-20 · CVE-2023-37756

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: I-doit pro versions 25 and below; I-doit open versions 25 and below

Description: The issue stems from weak password requirements for Administrator account creation in the affected software. Because the software accepts weak Administrator passwords, an attacker can guess them through a brute-force attack. With Administrator access, a remote attacker may additionally be able to execute arbitrary code by uploading a malicious plugin.

Recommendations: For I-doit pro versions 25 and below: update the password requirements for Administrator account creation so that passwords cannot be easily guessed by brute force. For I-doit open versions 25 and below: update the password requirements for Administrator account creation so that passwords cannot be easily guessed by brute force. As a temporary workaround, consider restricting access to the admin-center component to minimize the risk of exploitation.

Related Identifiers

BDU:2023-07194
CVE-2023-37756

Affected Products

I-Doit Open
I-Doit Pro