Vulnerabilities > I Doit

DATE CVE VULNERABILITY TITLE RISK
2019-07-18 CVE-2019-1010248 SQL Injection vulnerability in I-Doit
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection.
network
low complexity
i-doit CWE-89
7.5
2019-06-18 CVE-2019-6965 Cross-site Scripting vulnerability in I-Doit 1.12
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
network
i-doit CWE-79
4.3
2018-12-15 CVE-2018-20159 Improper Input Validation vulnerability in I-Doit 1.11.2
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled.
network
low complexity
i-doit CWE-20
6.5
2014-02-27 CVE-2014-2231 Cross-Site Scripting vulnerability in I-Doit
Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.
network
i-doit CWE-79
4.3
2014-02-27 CVE-2014-1597 SQL Injection vulnerability in I-Doit
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
network
low complexity
i-doit CWE-89
7.5
2014-02-11 CVE-2014-1237 Cross-Site Scripting vulnerability in I-Doit
Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.
network
i-doit CWE-79
4.3
2014-02-11 CVE-2013-1413 Cross-Site Scripting vulnerability in I-Doit 0.9.9/1.0/1.0.2
Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
i-doit CWE-79
4.3