CVE-2020-37078
Authenticated File Deletion Vulnerability in i-doit CMDB
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| idoit | open_source_cmdb | 1.14.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in i-doit Open Source CMDB version 1.14.1 within its import module. Authenticated attackers can exploit a file deletion flaw by manipulating the delete_import parameter. By sending a specially crafted POST request with a malicious filename, attackers can delete arbitrary files from the server's filesystem.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized deletion of files on the server hosting the i-doit application. Such file deletions can disrupt normal operations, cause data loss, and potentially affect system stability or availability. Since the attacker must be authenticated, it implies that compromised or malicious users could cause significant damage.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know