CVE-2019-11625

Name of the Vulnerable Software and Affected Versions doorGets version 7.0

Description The issue is related to a SQL injection vulnerability in the /doorgets/app/requests/user/emailingRequest.php file. A remote background administrator privilege user, or a user with permission to manage emailing, could exploit this to obtain sensitive database information.

Recommendations For doorGets version 7.0, consider restricting access to the /doorgets/app/requests/user/emailingRequest.php file until a patch is available. As a temporary workaround, limit the privileges of users with permission to manage emailing to minimize the risk of exploitation.