i-doit Open Source CMDB File Deletion Vulnerability in Import Module

Vulnerability

A file deletion vulnerability has been identified in i-doit Open Source CMDB version 1.14.1, specifically within the import module. This vulnerability allows authenticated attackers to delete arbitrary files from the server's filesystem by manipulating the 'delete_import' parameter. Exploitation involves sending a POST request to the import module with a crafted filename, which is then used to remove files from the server.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion on the server.

Reproduction

To reproduce this vulnerability, send a POST request to the i-doit import module (moduleID=50) with the 'delete_import' parameter set to the name of the file intended for deletion. This can be done using a tool like Burp Suite or through a custom script that automates the request.
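A detection sketch for the request described above, added here as an example and not taken from i-doit or from this advisory's author. It assumes request records with captured POST bodies (for instance from a reverse proxy or WAF audit log), a constructed URL path of /index.php, and that legitimate 'delete_import' values are bare filenames; only moduleID=50 and the parameter name come from the advisory.

```python
from urllib.parse import urlsplit, parse_qs, unquote

IMPORT_MODULE_ID = "50"        # moduleID named in the advisory
PARAM = "delete_import"        # parameter named in the advisory

def suspicious_reason(value):
    """Return why a delete_import value is not a bare filename, else None."""
    # Decode repeatedly so double-encoded separators are seen (bounded loop).
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if "\x00" in value:
        return "null byte"
    if value.startswith(("/", "\\")) or (len(value) > 1 and value[1] == ":"):
        return "absolute path"
    if ".." in value.replace("\\", "/").split("/"):
        return "parent-directory segment"
    if "/" in value or "\\" in value:
        return "path separator"
    return None

def flag_requests(records):
    """Return (record id, value, reason) for import-module deletions worth review."""
    hits = []
    for rec in records:
        if rec["method"] != "POST":
            continue
        query = parse_qs(urlsplit(rec["url"]).query)
        if IMPORT_MODULE_ID not in query.get("moduleID", []):
            continue
        for value in parse_qs(rec["body"], keep_blank_values=True).get(PARAM, []):
            reason = suspicious_reason(value)
            if reason:
                hits.append((rec["id"], value, reason))
    return hits

# Constructed sample records (not captured traffic); the URL path is an assumption.
SAMPLE = [
    {"id": 1, "method": "POST", "url": "/index.php?moduleID=50", "body": "delete_import=hosts.csv"},
    {"id": 2, "method": "POST", "url": "/index.php?moduleID=50", "body": "delete_import=..%2F..%2Fconstructed.txt"},
    {"id": 3, "method": "POST", "url": "/index.php?moduleID=50", "body": "delete_import=%252Ftmp%252Fconstructed.txt"},
    {"id": 4, "method": "GET", "url": "/index.php?moduleID=50", "body": ""},
    {"id": 5, "method": "POST", "url": "/index.php?moduleID=12", "body": "delete_import=..%2Fx"},
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE))
```

Records 2 and 3 are flagged; a bare filename, a GET request, and a POST to a different module are not.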

Added: Feb 3, 2026, 10:45 PM
Updated: Feb 3, 2026, 10:45 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.8
exploitability: 6.2
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.