CVE-2023-37756

CRITICAL

I-doit pro <25 - Info Disclosure

Title source: llm

Description

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

Exploits (1)

nomisec WRITEUP 1 stars

by leekenghwa · poc

https://github.com/leekenghwa/CVE-2023-37756-CWE-521-lead-to-malicious-plugin-upload-in-the-i-doit-Pro-25-and-below

View Code ZIP pw:eip

References (2)

[Various Sources] https://medium.com/%40ray.999/idoit-pro-v25-and-below-weak-password-add-on-upload-to-rce-cve-2023-37756-fa1b18433ca3

[Exploit, Third Party Advisory] https://github.com/leekenghwa/CVE-2023-37756-CWE-521-lead-to-malicious-plugin-upload-in-the-i-doit-Pro-25-and-below/blob/main/README.md

Scores

CVSS v3 9.8

EPSS 0.0664

EPSS Percentile 91.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-521

Status published

Products (1)

i-doit/i-doit < 25 (2 CPE variants)

Published Sep 14, 2023

Tracked Since Feb 18, 2026