CVE-2020-37078

Summary

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from the server's filesystem.

Affected Software

VendorProductVersion RangeStatus
i-doit GmbHi-doit Open Source CMDB1.14.1affected

Weaknesses

  • CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References