22 matches found
CVE-2014-1459
DoorGets CMS
CVE-2019-11615
CVE-2019-11615 pertains to doorGets 7.0, where an arbitrary file upload vulnerability exists in /fileman/php/upload.php. A remote normal registered user can exploit this to upload backdoor files and gain server control. The Red Hat and CNVD entries corroborate the same issue. The available docume...
CVE-2019-11606
CVE-2019-11606 affects doorGets 7.0, with a vulnerability in /fileman/php/copyfile.php that allows a remote unauthenticated attacker to access server‑sensitive information. The descriptions across Red Hat, CNVD, NVD, and other listings consistently state it as a sensitive information disclosure v...
CVE-2019-11610
DoorGets 7.0 contains a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this to obtain server‑sensitive information. The Red Hat, CNVD, CNVD‑style entries and other references in the connected documents corroborate the ...
CVE-2019-11625
doorGets 7.0 is affected by a SQL injection in /doorgets/app/requests/user/emailingRequest.php. A remote, background administrator privilege user (or a user with permission to manage emailing) could exploit this to obtain sensitive information from the database. The connected sources corroborate ...
CVE-2019-11620
DoorGets 7.0 contains a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. The issue allows a remote privileged user (with backend/ modulecategory rights) to retrieve sensitive data from the database via modulecategory_add_titre. Documents do not specify affecte...
CVE-2019-11616
CVE-2019-11616 affects doorGets 7.0. The vulnerability is a sensitive information disclosure in /setup/temp/admin.php and /setup/temp/database.php, allowing a remote unauthenticated attacker to obtain the administrator password. Affected software: doorGets 7.0 (web CMS). Root cause and vector det...
CVE-2019-11626
CVE-2019-11626 affects doorGets 7.0, where routers/ajaxRouter.php exposes a web site physical path via an ajax/index.php?uri=1234\ request. The published sources (NVD, Red Hat, CNVD, CVE lists) describe an information-disclosure vulnerability in doorGets 7.0’s AJAX router, enabling path leakage. ...
CVE-2019-11624
CVE-2019-11624 affects doorGets 7.0, enabling an arbitrary file deletion via /doorgets/app/requests/user/configurationRequest.php. The issue allows a remote background administrator privilege user to delete arbitrary files. Documents consistently describe the vulnerability but do not provide a pa...
CVE-2019-11613
DoorGets 7.0 is affected by an SQL injection in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit this vulnerability to obtain sensitive database information. The affected software is doorGets 7.0; the root cause is an SQL injection in the contactView.php end...
CVE-2019-11608
CVE-2019-11608 affects doorGets 7.0 with a vulnerability in /fileman/php/renamefile.php that allows a remote unauthenticated attacker to obtain server-sensitive information or make the server unserviceable. This is described across multiple connected sources (NVD, Red Hat, CNVD, etc.). The provid...
CVE-2019-11623
CVE-2019-11623 describes a SQL injection in doorGets 7.0 via /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator or a user with permission to manage configuration siteweb could exploit this to obtain database-sensitive information. The cited...
CVE-2019-11611
DoorGets 7.0 is affected by a sensitive information disclosure in /fileman/php/download.php. A remote unauthenticated attacker can exploit this to obtain server‑sensitive information. The connected records corroborate the issue but do not provide the root cause details, affected versions beyond 7...
CVE-2019-11607
CVE-2019-11607 affects doorGets 7.0. The vulnerability is in /fileman/php/copydir.php and allows a remote unauthenticated attacker to obtain server-sensitive information (information disclosure). Descriptions across sources confirm the issue is tied to doorGets 7.0 and the copydir functionality. ...
CVE-2019-11621
The provided connected sources confirm a SQL injection vulnerability in doorGets 7.0 affecting the file /doorgets/app/requests/user/configurationRequest.php when action=network. A remote attacker with background administrator privileges or permissions to manage network configuration could exploit...
CVE-2019-11614
CVE-2019-11614 refers to a SQL injection in doorGets 7.0, specifically in /doorgets/app/views/ajax/commentView.php. The connected documents confirm a remote, unauthorized attacker could extract sensitive information from the database. The vulnerability is due to improper handling of user-controll...
CVE-2019-11619
CVE-2019-11619 : Multiple connected sources confirm a SQL injection in doorGets 7.0, specifically in /doorgets/app/requests/user/configurationRequest.php when action=analytics. The vulnerability allows a remote backend administrator (or a user with permission to manage configuration analytics) to...
CVE-2019-11609
The CVE-2019-11609 entry concerns doorGets 7.0, where a vulnerability in /fileman/php/movefile.php allows a remote unauthenticated attacker to disclose server‑level sensitive information or render the server unserviceable. The Red Hat and CNVD/CVE mirrors corroborate the same description. Technic...
CVE-2019-11612
CVE-2019-11612 affects doorGets 7.0. The vulnerable component is the /fileman/php/deletefile.php function, described as an arbitrary file deletion vulnerability. A remote unauthenticated attacker can exploit this to delete arbitrary files. No remediation details are provided in the supplied docum...
CVE-2019-11617
doorGets 7.0 is affected by a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php that allows a remote attacker to modify the Google Analytics code. Affected component is the configurationRequest endpoint; root cause is CSRF in user configuration handling. Documents consist...
CVE-2019-11622
CVE-2019-11622 affects doorGets 7.0 with a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) can exploit this flaw to obtain sensitive information from the dat...
CVE-2019-11618
CVE-2019-11618 affects doorGets 7.0 and is caused by a default administrator credential vulnerability. A remote attacker can gain administrator privileges to create/modify articles by using the token H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 in a URI (blog action to /api/index.php). Public docu...