CVE-2018-20064
CVE-2018-20064 concerns doorGets 7.0, where a directory-traversal flaw lets remote attackers write arbitrary files. The root cause is a crafted request to dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 with content provided in theme_content_nofi, enabling arbitrary file w...