CVE-2019-25581
SQL Injection in i-doit CMDB 1.12 Allows Data Extraction
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| i-doit | i-doit | 1.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in i-doit CMDB version 1.12 is an SQL injection flaw that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter in GET requests.
Because the objGroupID parameter is not properly sanitized, attackers can craft SQL payloads that manipulate the database query, enabling them to extract sensitive information such as usernames, database names, and database version details.
How can this vulnerability impact me? :
This vulnerability can have a significant impact by allowing attackers to access sensitive database information without any authentication.
- Attackers can extract usernames, database names, and version details.
- It can lead to unauthorized disclosure of sensitive data.
- The vulnerability has a high severity score (CVSS v4 base score of 8.8), indicating it is exploitable over the network with low complexity and no privileges required.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending crafted GET requests to the i-doit CMDB application targeting the objGroupID parameter with SQL injection payloads. Successful exploitation typically results in database error messages or leaked sensitive information such as database usernames, database names, or version details.'}, {'type': 'paragraph', 'content': 'A proof-of-concept involves injecting SQL payloads that exploit the objGroupID parameter to cause database errors revealing information. For example, using curl or similar tools to send requests with SQL injection payloads can help detect the vulnerability.'}, {'type': 'list_item', 'content': 'Use curl to send a GET request with a crafted SQL injection payload in the objGroupID parameter, e.g.:'}, {'type': 'list_item', 'content': 'curl "http://target-url/path?objGroupID=1\' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT database()), FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x) y)-- -"'}, {'type': 'paragraph', 'content': 'If the response contains database names, usernames, or version information, the system is vulnerable.'}] [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable i-doit CMDB instance to trusted networks only, such as internal networks or VPNs, to reduce exposure to unauthenticated attackers.
Additionally, monitor and block suspicious GET requests containing unusual or malformed objGroupID parameter values that may indicate exploitation attempts.
Since the vulnerability is due to improper sanitization of the objGroupID parameter, applying any available patches or updates from the vendor that fix this SQL injection issue is critical.
If patches are not yet available, consider implementing web application firewall (WAF) rules to detect and block SQL injection patterns targeting the objGroupID parameter.