CVE-2019-25582

Published: Mar 21, 2026 Last Modified: Mar 21, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc.php to retrieve configuration files and sensitive system data.

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, Not Language-Specific, PHP

Technologies: Web Server

Likelihood of Exploit: Medium

View CWE Details

https://netcologne.dl.sourceforge.net/project/i-doit/i-doit…

https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.1…

https://www.exploit-db.com/exploits/46133

https://www.exploit-db.com/exploits/46133

https://www.i-doit.org/

https://www.i-doit.org/

https://www.vulncheck.com/advisories/i-doit-cmdb-arbitrary-…

https://www.vulncheck.com/advisories/i-doit-cmdb-arbitrary-file-download-via-fi…