PT-2019-12417 · Doorgets · Doorgets

Published

2019-04-30

Updated

2020-08-24

CVE-2019-11610

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions doorGets version 7.0

Description The issue allows a remote unauthenticated attacker to exploit a sensitive information disclosure vulnerability in the /fileman/php/downloaddir.php endpoint. This enables the attacker to obtain server-sensitive information.

Recommendations For doorGets version 7.0, consider restricting access to the /fileman/php/downloaddir.php endpoint until a patch is available. As a temporary workaround, review the security settings and configuration of the doorGets installation to minimize the risk of exploitation.

Exploit

Fix

Missing Authorization

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-22

Related Identifiers

CVE-2019-11610

Affected Products

Doorgets

PT-2019-12417 · Doorgets · Doorgets

CVE-2019-11610

Weakness Enumeration

Related Identifiers

Affected Products

References · 3