doorGets CMS vulnerabilities
22 known vulnerabilities affecting doorgets/doorgets_cms.
Total CVEs: 22
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 10
Vulnerabilities
Page 1 of 2
CVE-2014-1459 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 5.2 | v3.0 | +1 more | 2014-02-11 | CWE-89
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
nvd
CVE-2019-11618 | P3 | CRITICAL | CVSS 9.8 | v7.0 | 2019-04-30 | CWE-1188
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.
nvd
CVE-2019-11615 | P3 | HIGH | CVSS 8.8 | v7.0 | 2019-04-30 | CWE-434
/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server.
nvd
CVE-2019-11616 | P3 | CRITICAL | CVSS 9.8 | v7.0 | 2019-04-30
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password.
nvd
CVE-2019-11612 | P3 | HIGH | CVSS 7.5 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.
nvd
CVE-2019-11608 | P3 | HIGH | CVSS 8.2 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.
nvd
CVE-2019-11609 | P3 | HIGH | CVSS 8.2 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.
nvd
CVE-2019-11611 | P3 | HIGH | CVSS 7.5 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
nvd
CVE-2019-11606 | P3 | HIGH | CVSS 7.5 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
nvd
CVE-2019-11610 | P3 | HIGH | CVSS 7.5 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
nvd
CVE-2019-11607 | P3 | HIGH | CVSS 7.5 | v7.0 | 2019-04-30 | CWE-22
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
nvd
CVE-2019-11614 | P3 | HIGH | CVSS 7.5 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2019-11617 | P3 | HIGH | CVSS 8.8 | v7.0 | 2019-04-30 | CWE-352
doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification.
nvd
CVE-2019-11613 | P3 | MEDIUM | CVSS 6.5 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2019-11619 | P4 | MEDIUM | CVSS 4.9 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2019-11625 | P4 | MEDIUM | CVSS 4.9 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2019-11622 | P4 | MEDIUM | CVSS 4.9 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre.
nvd
CVE-2019-11620 | P4 | MEDIUM | CVSS 4.9 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre.
nvd
CVE-2019-11623 | P4 | MEDIUM | CVSS 4.9 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2019-11621 | P4 | MEDIUM | CVSS 4.9 | v7.0 | 2019-04-30 | CWE-89
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information.
nvd