Doorgets
by Doorgets
CVEs (24)
| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11618 | Cri | 0.64 | 9.8 | 0.02 | Apr 30, 2019 | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a… | ||
| CVE-2019-11616 | Cri | 0.64 | 9.8 | 0.02 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password. | ||
| CVE-2019-11617 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2019 | doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification. | ||
| CVE-2019-11615 | Hig | 0.57 | 8.8 | 0.02 | Apr 30, 2019 | /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server. | ||
| CVE-2018-11126 | Hig | 0.57 | 8.8 | 0.01 | May 15, 2018 | dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | ||
| CVE-2019-11609 | Hig | 0.54 | 8.2 | 0.04 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||
| CVE-2019-11608 | Hig | 0.54 | 8.2 | 0.04 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||
| CVE-2019-11614 | Hig | 0.49 | 7.5 | 0.02 | Apr 30, 2019 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information. | ||
| CVE-2019-11612 | Hig | 0.49 | 7.5 | 0.03 | Apr 30, 2019 | doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files. | ||
| CVE-2019-11611 | Hig | 0.49 | 7.5 | 0.04 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||
| CVE-2019-11610 | Hig | 0.49 | 7.5 | 0.04 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||
| CVE-2019-11607 | Hig | 0.49 | 7.5 | 0.04 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||
| CVE-2019-11606 | Hig | 0.49 | 7.5 | 0.04 | Apr 30, 2019 | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||
| CVE-2018-20064 | Hig | 0.49 | 7.5 | 0.03 | Dec 11, 2018 | doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. | ||
| CVE-2019-11613 | Med | 0.42 | 6.5 | 0.01 | Apr 30, 2019 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information. | ||
| CVE-2019-11626 | Med | 0.35 | 5.3 | 0.01 | Apr 30, 2019 | routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request. | ||
| CVE-2019-11625 | Med | 0.32 | 4.9 | 0.01 | Apr 30, 2019 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information. | ||
| CVE-2019-11624 | Med | 0.32 | 4.9 | 0.02 | Apr 30, 2019 | doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files. | ||
| CVE-2019-11623 | Med | 0.32 | 4.9 | 0.01 | Apr 30, 2019 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain… | ||
| CVE-2019-11622 | Med | 0.32 | 4.9 | 0.01 | Apr 30, 2019 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information… |
Page 1 of 2