Lucene search
+L

199 matches found

CNVD
CNVD
added 2019/05/05 12:0 a.m.5 views

DoorGets Arbitrary File Upload Vulnerability

DoorGets is a free and open source content management system. An arbitrary file upload vulnerability exists in /fileman/php/upload.php in doorGets 7.0. A remote, ordinary registered user can exploit this vulnerability to upload a backdoor file to take control of the server...

8.8CVSS7.2AI score0.01521EPSS
Exploits1References1
CNVD
CNVD
added 2019/05/05 12:0 a.m.6 views

DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13790)

DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/renamefile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server or make the serv...

8.2CVSS6.3AI score0.04129EPSS
Exploits1References1
CNVD
CNVD
added 2019/05/05 12:0 a.m.4 views

DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13788)

DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/copyfile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server...

7.5CVSS6.3AI score0.03869EPSS
Exploits1References1
CNVD
CNVD
added 2019/05/05 12:0 a.m.5 views

doorGets SQL Injection Vulnerability

DoorGets is a free and open source content management system. A SQL injection vulnerability exists in /doorgets/app/requests/user/configurationRequest.php in doorGets 7.0 at action=network. A user with remote backend administrator privileges or a user with Manage Network Configuration privileges...

4.9CVSS7.9AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.2 views

CVE-2019-11621

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user or a user with permission to manage network configuration could exploit the vulnerability to obtain database sensitive...

4.9CVSS5.9AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.2 views

CVE-2019-11626

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request...

5.3CVSS5.9AI score0.01264EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.5 views

CVE-2019-11625

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user or a user with permission to manage emailing could exploit the vulnerability to obtain database sensitive information...

4.9CVSS5.9AI score0.01222EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 8:29 p.m.22 views

CVE-2019-11624

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files...

5.5CVSS5.3AI score0.01596EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 8:29 p.m.22 views

CVE-2019-11625

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user or a user with permission to manage emailing could exploit the vulnerability to obtain database sensitive information...

4.9CVSS5.2AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.6 views

CVE-2019-11623

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user or a user with permission to manage configuration siteweb could exploit the vulnerability to obtain database sensitive...

4.9CVSS5.9AI score0.01222EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 8:29 p.m.17 views

CVE-2019-11622

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user or a user with permission to manage modulecategory could exploit the vulnerability to obtain database sensitive information via...

4.9CVSS5.1AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.6 views

CVE-2019-11622

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user or a user with permission to manage modulecategory could exploit the vulnerability to obtain database sensitive information via...

4.9CVSS5.9AI score0.01222EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 8:29 p.m.24 views

CVE-2019-11623

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user or a user with permission to manage configuration siteweb could exploit the vulnerability to obtain database sensitive...

4.9CVSS5.2AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.6 views

CVE-2019-11624

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files...

4.9CVSS5.9AI score0.01596EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 8:29 p.m.16 views

CVE-2019-11621

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user or a user with permission to manage network configuration could exploit the vulnerability to obtain database sensitive...

4.9CVSS5.2AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.2 views

CVE-2019-11611

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information...

7.5CVSS7.2AI score0.03869EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 8:29 p.m.16 views

CVE-2019-11614

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information...

7.5CVSS7.5AI score0.01518EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.2 views

CVE-2019-11614

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information...

7.5CVSS7.2AI score0.01518EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.3 views

CVE-2019-11610

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information...

7.5CVSS7.2AI score0.03869EPSS
Exploits1References1
OSV
OSV
added 2019/04/30 8:29 p.m.3 views

CVE-2019-11612

doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files...

7.5CVSS7.2AI score
Exploits0References1
Rows per page
Query Builder