CVE-2024-8749 | Synetics Idoit Pro 28 Query isys_api_model_cmdb_objects_by_relation.class.php ID sql injection

Posted by Angelo Barbosa | Sep 12, 2024 | CVE

A vulnerability, which was classified as critical, was found in Synetics Idoit Pro 28. Affected is an unknown function of the file /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php of the component Query Handler. The manipulation of the argument ID leads to sql injection.

This vulnerability is traded as CVE-2024-8749. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-8749 | Synetics Idoit Pro 28 Query isys_api_model_cmdb_objects_by_relation.class.php ID sql injection

Related Posts

CVE-2024-0439 | mintplex-labs anything-llm up to 0.0.x Setting privileges management

CVE-2023-43481 | Shenzhen TCL Browser TV Web BrowseHere 6.65.022_dab24cc6_231221_gp code injection

CVE-2024-6731 | SourceCodester Student Study Center Desk Management System 1.0 Master.php id sql injection

CVE-2024-6365 | WBW Product Table Plugin up to 2.0.1 on WordPress Remote Code Execution