CVE-2019-25581

High ⚡ Exploit Available
CWE-89 — Weakness Type
Published: Mar 21, 2026  ·  Modified: Mar 28, 2026  ·  Source: NVD
CVSS v3
8.2
📄 Description (English)

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.

🤖 AI Executive Summary

i-doit CMDB 1.12 contains a critical unauthenticated SQL injection vulnerability in the objGroupID parameter that allows attackers to execute arbitrary SQL queries and extract sensitive database information. This vulnerability poses significant risk to Saudi organizations using i-doit for IT asset management, as it requires no authentication and exploits are publicly available. Immediate action is required to isolate affected systems or implement compensating controls.

🤖 AI Intelligence Analysis · Analyzed: Apr 25, 2026 11:35
🇸🇦 Saudi Arabia Impact Assessment
High impact for Saudi government agencies, healthcare institutions, and large enterprises using i-doit for IT asset and configuration management. Government entities under NCA oversight and ARAMCO's IT infrastructure are particularly at risk. Banking sector organizations using i-doit for IT operations management face potential exposure of customer data and system configurations. Telecom operators (STC, Mobily) managing network infrastructure through i-doit could experience service disruption and data breach. The vulnerability allows complete database compromise without authentication, enabling attackers to access usernames, credentials, and sensitive IT infrastructure details.
🏢 Affected Saudi Sectors
Government and Public Administration
Banking and Financial Services
Healthcare and Medical Institutions
Energy and Utilities (ARAMCO)
Telecommunications (STC, Mobily, Zain)
Large Enterprises and Corporations
IT Service Providers
Education and Universities
⚖️ Saudi Risk Score (AI)
8.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all i-doit 1.12 instances in your environment using network scanning and asset management tools
2. Isolate affected systems from production networks or restrict access to trusted networks only
3. Implement Web Application Firewall (WAF) rules to block requests containing SQL injection patterns in objGroupID parameter
4. Monitor database logs for suspicious SQL queries and unauthorized access attempts

PATCHING GUIDANCE:
1. Upgrade i-doit to version 1.13 or later immediately (patch available in newer versions)
2. If upgrade is not immediately possible, apply vendor security patches when released
3. Test patches in non-production environment before deployment

COMPENSATING CONTROLS:
1. Implement network-level access controls restricting i-doit access to authorized users only
2. Deploy input validation and parameterized queries at application level if source code access available
3. Enable database activity monitoring (DAM) to detect and alert on suspicious SQL patterns
4. Implement rate limiting on i-doit API endpoints
5. Use database user accounts with minimal required privileges

DETECTION RULES:
1. Monitor HTTP GET requests containing SQL keywords (UNION, SELECT, DROP, INSERT) in objGroupID parameter
2. Alert on database connections from i-doit application with unusual query patterns
3. Track failed authentication attempts and privilege escalation attempts in database logs
4. Monitor for extraction of system tables (information_schema, mysql.user, etc.)
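The WAF rule (immediate action 3), the input-validation control (compensating control 2) and detection rule 1 all reduce to the same check: an objGroupID value must be a plain integer, and anything else carrying SQL keywords or quote/comment characters is an alert. The following is an added example, not code from i-doit or from this page, that runs that check over constructed Apache-style access-log lines; the log lines, IPs and payload strings are made up for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Mar/2026:10:00:01 +0300] "GET /index.php?objGroupID=12 HTTP/1.1" 200 5120
203.0.113.11 - - [21/Mar/2026:10:00:02 +0300] "GET /index.php?objGroupID=12%27%20UNION%20SELECT%201%2C2--%20- HTTP/1.1" 200 7300
203.0.113.12 - - [21/Mar/2026:10:00:03 +0300] "GET /index.php?objGroupID=12%20AND%201%3D1 HTTP/1.1" 200 5120
203.0.113.13 - - [21/Mar/2026:10:00:04 +0300] "GET /index.php?page=select HTTP/1.1" 200 900
"""

# Pull source IP, method, request target and status out of one combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# Keywords from the page's detection rule plus the system-table and timing names it mentions.
SQL_KEYWORD_RE = re.compile(
    r"\b(UNION|SELECT|DROP|INSERT|INFORMATION_SCHEMA|SLEEP|BENCHMARK)\b", re.IGNORECASE
)


def classify_objgroupid(value: str) -> str:
    """Return 'ok', 'sqli' or 'malformed' for one already URL-decoded objGroupID value."""
    if value.isdigit():
        return "ok"  # an object-group id is a plain integer; this is the allow-list rule
    if SQL_KEYWORD_RE.search(value) or "'" in value or "--" in value:
        return "sqli"  # SQL keyword, quote or comment marker in an integer field
    return "malformed"  # not an integer, but no obvious injection signature either


def scan_access_log(text: str) -> list[dict]:
    """Emit one alert per request whose objGroupID value fails the integer allow-list."""
    alerts = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        src, method, target, status = m.groups()
        # parse_qs percent-decodes the values, so %27 and %20 are inspected as ' and space.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("objGroupID", []):
            verdict = classify_objgroupid(value)
            if verdict != "ok":
                alerts.append({"src": src, "method": method, "status": status,
                               "verdict": verdict, "value": value})
    return alerts


if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print(alert)
```

The same `classify_objgroupid` rule, applied before the value reaches the database, is the input-validation half of compensating control 2; the parameterized query is still needed so that a value that passes is never concatenated into SQL.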
🔧 Remediation Steps (Arabic, translated)
IMMEDIATE ACTIONS:
1. Identify all i-doit 1.12 instances in your environment using scanning and management tools
2. Isolate affected systems from production networks or restrict access to trusted networks only
3. Apply web application firewall rules to block SQL injection requests in the objGroupID parameter
4. Monitor database logs for suspicious queries and unauthorized access attempts

PATCHING GUIDANCE:
1. Upgrade i-doit to version 1.13 or later immediately
2. If upgrading is not immediately possible, apply vendor security patches when released
3. Test patches in a non-production environment before deployment

COMPENSATING CONTROLS:
1. Apply network-level access controls restricting i-doit access to authorized users only
2. Deploy input validation and parameterized queries at the application level
3. Enable database activity monitoring to detect suspicious SQL patterns
4. Apply rate limiting on i-doit API endpoints
5. Use database user accounts with the minimum required privileges

DETECTION RULES:
1. Monitor HTTP requests containing SQL keywords in the objGroupID parameter
2. Alert on database connections with unusual query patterns
3. Track failed authentication attempts and privilege escalation
4. Monitor extraction of system tables
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.8.2.1 - Classification of Information
A.8.2.3 - Handling of Assets
A.12.2.1 - Controls Against Malware
A.12.4.1 - Event Logging
A.12.4.3 - Administrator and Operator Logs
A.13.1.1 - Information Security Incident Procedures
A.14.2.1 - Information Security Requirements
🔵 SAMA CSF
Governance - Policy and Risk Management
Governance - Compliance and Audit
Protection - Access Control
Protection - Data Protection
Detection - Security Monitoring
Response - Incident Management
🟡 ISO 27001:2022
5.1 - Policies for information security
6.1 - Information security roles and responsibilities
8.1 - Operational planning and control
8.2 - Supply chain relationships
8.3 - Information and communication
8.4 - Physical and environmental security
8.5 - Access control
8.6 - Cryptography
8.7 - Physical and logical access
8.32 - Change management
8.33 - Information security testing
8.34 - Development security
A.5.1.1 - Policies for information security
A.6.1.1 - Access control policy
A.8.2.1 - Classification of information
A.12.2.1 - Controls against malware
A.12.4.1 - Event logging
A.13.1.1 - Information security incident procedures
A.14.2.1 - Information security requirements
🟣 PCI DSS v4.0.1
Requirement 1 - Install and maintain a firewall configuration
Requirement 2 - Do not use vendor-supplied defaults
Requirement 6 - Develop and maintain secure systems and applications
Requirement 6.2 - Ensure all system components are protected from known vulnerabilities
Requirement 6.5.1 - Injection flaws
Requirement 10 - Track and monitor all access to network resources
Requirement 10.2 - Implement automated audit trails
📦 Affected Products / CPE (1 entry)
i-doit:i-doit:1.12
📊 CVSS Score
8.2 / 10.0 (High)
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: N (None)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: L (Low)
Availability: N (None)
📋 Quick Facts
Severity: High
CVSS Score: 8.2
CWE: CWE-89
Exploit: ✓ Yes
Patch: ✗ No
Published: 2026-03-21
Source Feed: nvd
🇸🇦 Saudi Risk Score
8.8 / 10.0 (Saudi Risk)
Priority: CRITICAL
🏷️ Tags
exploit-available, CWE-89