← Back to CVEs
CVE-2019-25582
MEDIUM6.5
Description
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc.php to retrieve configuration files and sensitive system data.
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/21/2026
Last Modified3/24/2026
Sourcenvd
Honeypot Sightings0
Affected Products
i-doit:i-doit
Weaknesses (CWE)
CWE-434
References
https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46133(disclosure@vulncheck.com)
https://www.i-doit.org/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/i-doit-cmdb-arbitrary-file-download-via-file-manager-parameter(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.