2 matches found
CVE-2018-20064
CVE-2018-20064 concerns doorGets 7.0, where a directory-traversal flaw lets remote attackers write arbitrary files. The root cause is a crafted request to dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 with content provided in theme_content_nofi, enabling arbitrary file w...
CVE-2018-11126
DoorGets 7.0 is affected by a CSRF vulnerability in the DG-USER flow (dg-user/?controller=users&action=add) that can result in adding an administrator account. This CVE (CVE-2018-11126) is documented with CVSSv3 base score 8.8 (HIGH) and CVSSv2 base score 6.8 (MEDIUM). Connected records consisten...