VYPR
Vendor: I Doit

Products: 2
CVEs: 18
Across products: 19
Status: Private

Recent CVEs: 18
  • CVE-2020-37078 | High | Feb 3, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to…

  • CVE-2018-20159 | Dec 15, 2018
    risk 0.04 | cvss | epss 0.10

    i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file…

  • CVE-2019-6965 | Jun 18, 2019
    risk 0.03 | cvss | epss 0.03

    An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.

  • CVE-2014-1597 | Feb 27, 2014
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.

  • CVE-2023-37756 | Sep 14, 2023
    risk 0.01 | cvss | epss 0.01

    I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

  • CVE-2023-37739 | Sep 14, 2023
    risk 0.01 | cvss | epss 0.01

    i-doit Pro v25 and below was discovered to be vulnerable to path traversal.

  • CVE-2019-25582 | Mar 21, 2026
    risk 0.00 | cvss | epss 0.00

    i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file…

  • CVE-2019-25581 | Mar 21, 2026
    risk 0.00 | cvss | epss 0.00

    i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to…

  • CVE-2023-46003 | Oct 21, 2023
    risk 0.00 | cvss | epss 0.01

    I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.

  • CVE-2023-37755 | Sep 14, 2023
    risk 0.00 | cvss | epss 0.01

    i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain…

  • CVE-2023-34830 | Jun 27, 2023
    risk 0.00 | cvss | epss 0.01

    i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.

  • CVE-2021-3151 | Feb 27, 2021
    risk 0.00 | cvss | epss 0.01

    i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH,…

  • CVE-2020-13825 | Aug 19, 2020
    risk 0.00 | cvss | epss 0.01

    A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter.

  • CVE-2020-13826 | Aug 19, 2020
    risk 0.00 | cvss | epss 0.01

    A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export.

  • CVE-2019-1010248 | Jul 18, 2019
    risk 0.00 | cvss | epss 0.01

    Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed…

  • CVE-2014-2231 | Feb 27, 2014
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.

  • CVE-2014-1237 | Feb 11, 2014
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.

  • CVE-2013-1413 | Feb 11, 2014
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.