[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1597Date: (C)2014-03-04   (M)2023-12-22


SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0154.html
SECUNIA-56931
BID-65557
http://www.csnc.ch/misc/files/advisories/CVE-2014-1597_i-doit_SQL_Injection.txt
http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141
idoit-cve20141597-sql-injection(91269)

CPE    8
cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~
cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~
cpe:/a:i-doit:i-doit:1.0::~~pro~~~
cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~
...
CWE    1
CWE-89

© SecPod Technologies