Lucene search
+L
DoorgetsDoorgets Cms

22 matches found

cve
cve
added 2014/02/11 5:0 p.m.65 views

CVE-2014-1459

DoorGets CMS

6.5CVSS8.1AI score0.02269EPSS
Web
cve
cve
added 2019/04/30 7:40 p.m.58 views

CVE-2019-11615

CVE-2019-11615 pertains to doorGets 7.0, where an arbitrary file upload vulnerability exists in /fileman/php/upload.php. A remote normal registered user can exploit this to upload backdoor files and gain server control. The Red Hat and CNVD entries corroborate the same issue. The available docume...

8.8CVSS8.6AI score0.01521EPSS
cve
cve
added 2019/04/30 7:38 p.m.57 views

CVE-2019-11606

CVE-2019-11606 affects doorGets 7.0, with a vulnerability in /fileman/php/copyfile.php that allows a remote unauthenticated attacker to access server‑sensitive information. The descriptions across Red Hat, CNVD, NVD, and other listings consistently state it as a sensitive information disclosure v...

7.5CVSS7.2AI score0.03869EPSS
cve
cve
added 2019/04/30 7:39 p.m.55 views

CVE-2019-11610

DoorGets 7.0 contains a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this to obtain server‑sensitive information. The Red Hat, CNVD, CNVD‑style entries and other references in the connected documents corroborate the ...

7.5CVSS7.2AI score0.03869EPSS
cve
cve
added 2019/04/30 7:41 p.m.55 views

CVE-2019-11625

doorGets 7.0 is affected by a SQL injection in /doorgets/app/requests/user/emailingRequest.php. A remote, background administrator privilege user (or a user with permission to manage emailing) could exploit this to obtain sensitive information from the database. The connected sources corroborate ...

4.9CVSS5.2AI score0.01222EPSS
cve
cve
added 2019/04/30 7:41 p.m.54 views

CVE-2019-11620

DoorGets 7.0 contains a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. The issue allows a remote privileged user (with backend/ modulecategory rights) to retrieve sensitive data from the database via modulecategory_add_titre. Documents do not specify affecte...

4.9CVSS5.1AI score0.01222EPSS
cve
cve
added 2019/04/30 7:40 p.m.51 views

CVE-2019-11616

CVE-2019-11616 affects doorGets 7.0. The vulnerability is a sensitive information disclosure in /setup/temp/admin.php and /setup/temp/database.php, allowing a remote unauthenticated attacker to obtain the administrator password. Affected software: doorGets 7.0 (web CMS). Root cause and vector det...

9.8CVSS8.7AI score0.02435EPSS
cve
cve
added 2019/04/30 7:42 p.m.51 views

CVE-2019-11626

CVE-2019-11626 affects doorGets 7.0, where routers/ajaxRouter.php exposes a web site physical path via an ajax/index.php?uri=1234\ request. The published sources (NVD, Red Hat, CNVD, CVE lists) describe an information-disclosure vulnerability in doorGets 7.0’s AJAX router, enabling path leakage. ...

5.3CVSS5.1AI score0.01264EPSS
cve
cve
added 2019/04/30 7:41 p.m.49 views

CVE-2019-11624

CVE-2019-11624 affects doorGets 7.0, enabling an arbitrary file deletion via /doorgets/app/requests/user/configurationRequest.php. The issue allows a remote background administrator privilege user to delete arbitrary files. Documents consistently describe the vulnerability but do not provide a pa...

5.5CVSS5.3AI score0.01596EPSS
cve
cve
added 2019/04/30 7:39 p.m.48 views

CVE-2019-11613

DoorGets 7.0 is affected by an SQL injection in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit this vulnerability to obtain sensitive database information. The affected software is doorGets 7.0; the root cause is an SQL injection in the contactView.php end...

6.5CVSS6.5AI score0.01183EPSS
cve
cve
added 2019/04/30 7:38 p.m.47 views

CVE-2019-11608

CVE-2019-11608 affects doorGets 7.0 with a vulnerability in /fileman/php/renamefile.php that allows a remote unauthenticated attacker to obtain server-sensitive information or make the server unserviceable. This is described across multiple connected sources (NVD, Red Hat, CNVD, etc.). The provid...

8.2CVSS7.6AI score0.04129EPSS
cve
cve
added 2019/04/30 7:39 p.m.46 views

CVE-2019-11611

DoorGets 7.0 is affected by a sensitive information disclosure in /fileman/php/download.php. A remote unauthenticated attacker can exploit this to obtain server‑sensitive information. The connected records corroborate the issue but do not provide the root cause details, affected versions beyond 7...

7.5CVSS7.2AI score0.03869EPSS
cve
cve
added 2019/04/30 7:41 p.m.46 views

CVE-2019-11623

CVE-2019-11623 describes a SQL injection in doorGets 7.0 via /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator or a user with permission to manage configuration siteweb could exploit this to obtain database-sensitive information. The cited...

4.9CVSS5.2AI score0.01222EPSS
cve
cve
added 2019/04/30 7:38 p.m.45 views

CVE-2019-11607

CVE-2019-11607 affects doorGets 7.0. The vulnerability is in /fileman/php/copydir.php and allows a remote unauthenticated attacker to obtain server-sensitive information (information disclosure). Descriptions across sources confirm the issue is tied to doorGets 7.0 and the copydir functionality. ...

7.5CVSS7.2AI score0.03869EPSS
cve
cve
added 2019/04/30 7:41 p.m.45 views

CVE-2019-11621

The provided connected sources confirm a SQL injection vulnerability in doorGets 7.0 affecting the file /doorgets/app/requests/user/configurationRequest.php when action=network. A remote attacker with background administrator privileges or permissions to manage network configuration could exploit...

4.9CVSS5.2AI score0.01222EPSS
cve
cve
added 2019/04/30 7:40 p.m.44 views

CVE-2019-11614

CVE-2019-11614 refers to a SQL injection in doorGets 7.0, specifically in /doorgets/app/views/ajax/commentView.php. The connected documents confirm a remote, unauthorized attacker could extract sensitive information from the database. The vulnerability is due to improper handling of user-controll...

7.5CVSS7.5AI score0.01518EPSS
cve
cve
added 2019/04/30 7:40 p.m.44 views

CVE-2019-11619

CVE-2019-11619 : Multiple connected sources confirm a SQL injection in doorGets 7.0, specifically in /doorgets/app/requests/user/configurationRequest.php when action=analytics. The vulnerability allows a remote backend administrator (or a user with permission to manage configuration analytics) to...

4.9CVSS5.2AI score0.01222EPSS
cve
cve
added 2019/04/30 7:39 p.m.43 views

CVE-2019-11612

CVE-2019-11612 affects doorGets 7.0. The vulnerable component is the /fileman/php/deletefile.php function, described as an arbitrary file deletion vulnerability. A remote unauthenticated attacker can exploit this to delete arbitrary files. No remediation details are provided in the supplied docum...

7.5CVSS7.6AI score0.02699EPSS
cve
cve
added 2019/04/30 7:40 p.m.43 views

CVE-2019-11617

doorGets 7.0 is affected by a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php that allows a remote attacker to modify the Google Analytics code. Affected component is the configurationRequest endpoint; root cause is CSRF in user configuration handling. Documents consist...

8.8CVSS8.6AI score0.00823EPSS
cve
cve
added 2019/04/30 7:41 p.m.43 views

CVE-2019-11622

CVE-2019-11622 affects doorGets 7.0 with a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) can exploit this flaw to obtain sensitive information from the dat...

4.9CVSS5.1AI score0.01222EPSS
cve
cve
added 2019/04/30 7:38 p.m.42 views

CVE-2019-11609

The CVE-2019-11609 entry concerns doorGets 7.0, where a vulnerability in /fileman/php/movefile.php allows a remote unauthenticated attacker to disclose server‑level sensitive information or render the server unserviceable. The Red Hat and CNVD/CVE mirrors corroborate the same description. Technic...

8.2CVSS7.6AI score0.04018EPSS
cve
cve
added 2019/04/30 7:40 p.m.42 views

CVE-2019-11618

CVE-2019-11618 affects doorGets 7.0 and is caused by a default administrator credential vulnerability. A remote attacker can gain administrator privileges to create/modify articles by using the token H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 in a URI (blog action to /api/index.php). Public docu...

9.8CVSS9.4AI score0.02283EPSS