CVE-2023-37756

Published: 14/09/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a brute-force attack.

Vulnerable Product

i-doit i-doit

Github Repositories

CVE-2023-37756 – Weak Password Requirement in admin-center leads to malicious plugin upload in i-doit Pro 25 and below

i-doit Pro 25 and below are vulnerable to a weak password requirement vulnerability in admin-center + malicious plugin upload, leading to an RCE vulnerability. These vulnerabilities could allow an attacker to easily brute-force or guess the password to gain access