CVE-2024-8749
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-8749 identifies a SQL injection vulnerability in i-doit pro version 28, which allows attackers to execute crafted queries that can extract all information stored in the database. The affected product is located at /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php. This vulnerability has a high severity rating with a CVSS score of 7.5, indicating a significant risk, particularly to confidentiality, as it requires no user interaction or privileges to exploit. Organizations using this software are advised to implement available patches and update to a secured version to mitigate the risks associated with this vulnerability. Failure to address this issue could lead to unauthorized data access and potentially severe impacts on organizational security and privacy.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.