PT-2026-26930 · Unknown · I-Doit Cmdb
Ihsan Sencan · Published 2026-03-21 · Updated 2026-03-21 · CVE-2019-25582
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
i-doit CMDB version 1.12
Description
The software contains a flaw that allows authenticated attackers to download sensitive files by manipulating the file parameter of 'index.php'. Attackers can send GET requests to 'index.php' with file manager=image and provide arbitrary file paths, such as src/config.inc.php, to retrieve configuration files and sensitive system data.
Recommendations
Apply updates to address the issue in i-doit CMDB version 1.12.
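Until the update is applied, web access logs can be reviewed for the request pattern given in the description. The following detection check is an added example, not part of the advisory or of i-doit's code. It assumes combined-format access logs, that the parameter appears in the query string as file_manager (the text above renders it as "file manager"), and an illustrative image-extension allow-list; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Extensions an image handler is expected to serve (assumption; tune per deployment).
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".webp")
# Request field of a common/combined log line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def suspicious_file_param(target):
    """Return the offending file value if the request fits the advisory's pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("index.php"):
        return None
    # parse_qs percent-decodes once; keys are normalised so that
    # "file manager" and "file_manager" are treated alike (assumed spelling).
    query = {k.replace(" ", "_").lower(): v for k, v in parse_qs(parts.query).items()}
    if "image" not in query.get("file_manager", []):
        return None
    for value in query.get("file", []):
        lowered = value.lower()
        traversal = ".." in lowered or lowered.startswith(("/", "\\"))
        if traversal or not lowered.endswith(IMAGE_EXT):
            return value
    return None

def scan(lines):
    """Yield (line_number, file_value) for GET requests worth triaging."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and match.group("method") == "GET":
            hit = suspicious_file_param(match.group("target"))
            if hit is not None:
                yield number, hit

# Constructed sample log lines (addresses, users and image path are made up).
SAMPLE_LOG = [
    '203.0.113.7 - alice [21/Mar/2026:10:01:02 +0000] "GET /index.php?file_manager=image&file=upload/images/rack01.png HTTP/1.1" 200 5120',
    '203.0.113.9 - bob [21/Mar/2026:10:03:44 +0000] "GET /index.php?file_manager=image&file=src/config.inc.php HTTP/1.1" 200 2048',
    '203.0.113.9 - bob [21/Mar/2026:10:03:51 +0000] "GET /index.php?file_manager=image&file=src%2Fconfig.inc.php HTTP/1.1" 200 2048',
    '198.51.100.4 - carol [21/Mar/2026:10:05:10 +0000] "GET /index.php?moduleID=2 HTTP/1.1" 200 900',
    '198.51.100.4 - carol [21/Mar/2026:10:05:12 +0000] "POST /index.php?file_manager=image HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-image file requested via image handler: {value}")
```

Hits on authenticated sessions that returned HTTP 200 are the ones to triage first, since the advisory states the flaw requires a logged-in user.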
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
I-Doit Cmdb