doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information.
References
Link | Resource |
---|---|
https://github.com/itodaro/doorGets_cve | Exploit Third Party Advisory |
https://github.com/itodaro/doorGets_cve | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/itodaro/doorGets_cve - Exploit, Third Party Advisory |
Information
Published : 2019-04-30 20:29
Updated : 2024-11-21 04:21
NVD link : CVE-2019-11623
Mitre link : CVE-2019-11623
CVE.ORG link : CVE-2019-11623
JSON object : View
Products Affected
doorgets
- doorgets_cms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')