PT-2019-12419 · Doorgets · Doorgets

Published

2019-04-30

Updated

2020-08-24

CVE-2019-11612

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions doorGets version 7.0

Description The issue allows a remote unauthenticated attacker to delete arbitrary files due to an arbitrary file deletion vulnerability in the /fileman/php/deletefile.php endpoint.

Recommendations For doorGets version 7.0, consider restricting access to the /fileman/php/deletefile.php endpoint until a patch is available. As a temporary workaround, limit the functionality of the deletefile.php script to prevent unauthorized file deletion.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-11612

Affected Products

Doorgets

PT-2019-12419 · Doorgets · Doorgets

CVE-2019-11612

Weakness Enumeration

Related Identifiers

Affected Products

References · 3