CVE-2019-11612
Published 2019-04-30
Priority P347 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.70% (84.1th percentile)
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| doorgets | doorgets_cms | — | — |
| netty | netty | >= 0 < 1:4.1.7-4ubuntu0.1 | 1:4.1.7-4ubuntu0.1 |
CVSS provenance
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:P
osv · 7.5 · HIGH
GHSA
GHSA-fqv6-qh23-4pgc: doorGets 7
ghsa_unreviewed·2022-05-24
CVE-2019-11612 [HIGH] CWE-22 GHSA-fqv6-qh23-4pgc: doorGets 7
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.
OSV
netty vulnerabilities
osv·2020-10-27·CVSS 7.5
CVE-2019-20444 netty vulnerabilities
USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides
the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.
Also it was discovered that Netty allowed for unbounded memory allocation. A
remote attacker could send a large stream to the Netty server causing it to
crash (denial of service). (CVE-2020-11612)
Original advisory details:
It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could use it to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)
Published: 2019-04-30