PT-2019-12417 · Doorgets · Doorgets

Publicado

2019-04-30

Atualizado

2020-08-24

CVE-2019-11610

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions doorGets version 7.0

Description The issue allows a remote unauthenticated attacker to exploit a sensitive information disclosure vulnerability in the /fileman/php/downloaddir.php endpoint. This enables the attacker to obtain server-sensitive information.

Recommendations For doorGets version 7.0, consider restricting access to the /fileman/php/downloaddir.php endpoint until a patch is available. As a temporary workaround, review the security settings and configuration of the doorGets installation to minimize the risk of exploitation.

Exploit

Correção

Missing Authorization

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-22

Identificadores relacionados

CVE-2019-11610

Produtos afetados

Doorgets

PT-2019-12417 · Doorgets · Doorgets

CVE-2019-11610

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3