Doorgets

Doorgets Cms

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2019-11626

Exploit
  • EPSS 0.36%
  • Veröffentlicht 30.04.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:21:29

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request.

4.9

CVE-2019-11625

Exploit
  • EPSS 0.32%
  • Veröffentlicht 30.04.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sens...

5.5

CVE-2019-11624

Exploit
  • EPSS 0.75%
  • Veröffentlicht 30.04.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files.

4.9

CVE-2019-11623

Exploit
  • EPSS 0.26%
  • Veröffentlicht 30.04.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the...

4.9

CVE-2019-11622

Exploit
  • EPSS 0.26%
  • Veröffentlicht 30.04.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain d...

4.9

CVE-2019-11621

Exploit
  • EPSS 0.26%
  • Veröffentlicht 30.04.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the...

9.8

CVE-2019-11616

Exploit
  • EPSS 0.97%
  • Veröffentlicht 30.04.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:27

doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password.

4.9

CVE-2019-11620

Exploit
  • EPSS 0.26%
  • Veröffentlicht 30.04.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain d...

4.9

CVE-2019-11619

Exploit
  • EPSS 0.26%
  • Veröffentlicht 30.04.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:28

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit...

9.8

CVE-2019-11618

Exploit
  • EPSS 0.84%
  • Veröffentlicht 30.04.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:27

doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_t...