Vulnerabilities > Doorgets > Doorgets CMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-11626 Pathname Traversal and Equivalence Errors vulnerability in Doorgets CMS 7.0
routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request.
network
low complexity
doorgets CWE-21
5.0
5.0
2019-04-30 CVE-2019-11625 SQL Injection vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php.
network
low complexity
doorgets CWE-89
4.0
4.0
2019-04-30 CVE-2019-11624 Path Traversal vulnerability in Doorgets CMS 7.0
doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php.
network
low complexity
doorgets CWE-22
5.5
5.5
2019-04-30 CVE-2019-11623 SQL Injection vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb.
network
low complexity
doorgets CWE-89
4.0
4.0
2019-04-30 CVE-2019-11622 SQL Injection vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php.
network
low complexity
doorgets CWE-89
4.0
4.0
2019-04-30 CVE-2019-11621 SQL Injection vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network.
network
low complexity
doorgets CWE-89
4.0
4.0
2019-04-30 CVE-2019-11620 SQL Injection vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php.
network
low complexity
doorgets CWE-89
4.0
4.0
2019-04-30 CVE-2019-11619 SQL Injection vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics.
network
low complexity
doorgets CWE-89
4.0
4.0
2019-04-30 CVE-2019-11617 Cross-Site Request Forgery (CSRF) vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php.
network
doorgets CWE-352
6.8
6.8
2019-04-30 CVE-2019-11616 Unspecified vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php.
network
low complexity
doorgets
5.0
5.0