199 matches found
CVE-2019-11625
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user or a user with permission to manage emailing could exploit the vulnerability to obtain database sensitive information...
CVE-2019-11616
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password...
CVE-2019-11612
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files...
CVE-2018-11126
dg-user/?controller=users=add in doorGets 7.0 has CSRF that results in adding an administrator account...
CVE-2019-11622
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user or a user with permission to manage modulecategory could exploit the vulnerability to obtain database sensitive information via...
doorGets CMS 12 Shell Upload
==================================================================================================================================== | Title : doorGets CMS v12 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
DoorGets CMS 7.0 Information Disclosure
==================================================================================================================================== | Title : DoorGets CMS v7.0 Sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
doorGets CMS 7.0 Shell Upload
==================================================================================================================================== | Title : doorGets CMS v7.0 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
doorGets SQL Injection Vulnerability
DoorGets is a free and open source content management system. A SQL injection vulnerability exists in /doorgets/app/requests/user/configurationRequest.php in doorGets 7.0 at action=network. A user with remote backend administrator privileges or a user with Manage Network Configuration privileges...
DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13791)
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/movefile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server or make the server...
doorGets SQL Injection Vulnerability (CNVD-2019-13802)
DoorGets is a free and open source content management system. A SQL injection vulnerability exists in /doorgets/app/requests/user/modulecategoryRequest.php in doorGets 7.0. This vulnerability can be exploited by a user with remote backend administrator privileges or a user with manage...
DoorGets Default Administrator Credentials Vulnerability
DoorGets is a free and open source content management system. A default administrator credentials vulnerability exists in doorGets 7.0. A remote attacker can exploit the vulnerability by using the H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 accesstoken in the uri=blog&action=index&controller=blog...
DoorGets Arbitrary File Upload Vulnerability
DoorGets is a free and open source content management system. An arbitrary file upload vulnerability exists in /fileman/php/upload.php in doorGets 7.0. A remote, ordinary registered user can exploit this vulnerability to upload a backdoor file to take control of the server...
DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13789)
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/copydir.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server...
DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13788)
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/copyfile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server...
DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13793)
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/download.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server...
doorGets SQL Injection Vulnerability (CNVD-2019-13795)
DoorGets is a free and open source content management system. A SQL injection vulnerability exists in /doorgets/app/views/ajax/contactView.php in doorGets 7.0. The vulnerability can be exploited by a remote, ordinary registered user to obtain sensitive database information...
DoorGets Cross-Site Request Forgery Vulnerability
DoorGets is a free and open source content management system. A cross-site request forgery vulnerability exists in /doorgets/app/requests/user/configurationRequest.php in doorGets 7.0. A remote attacker can exploit this vulnerability to modify "Google Analytics code"...
DoorGets Arbitrary File Deletion Vulnerability
DoorGets is a free and open source content management system. An arbitrary file deletion vulnerability exists in /fileman/php/deletefile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to delete arbitrary files...
DoorGets Sensitive Information Disclosure Vulnerability
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /setup/temp/admin.php and /setup/temp/database.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain the administrator password...