PT-2019-12423 · Doorgets · Doorgets
Published: 2019-04-30 · Updated: 2020-08-24 · CVE-2019-11616
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
doorGets version 7.0
Description
The issue allows a remote unauthenticated attacker to disclose sensitive information. Specifically, the vulnerability is present in the /setup/temp/admin.php and /setup/temp/database.php API endpoints, which could be exploited to obtain the administrator password.
Recommendations
For doorGets version 7.0, consider restricting access to the /setup/temp/admin.php and /setup/temp/database.php API endpoints to prevent exploitation until a fix is available. Additionally, changing the administrator password and monitoring for any suspicious activity is recommended.
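The monitoring recommended above can start with the web server access log. The following is an added example, not part of the original advisory or of doorGets itself: it flags requests to the two endpoints even when the path is padded or percent-encoded. It assumes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Endpoints named in the advisory (doorGets 7.0).
SENSITIVE = ("/setup/temp/admin.php", "/setup/temp/database.php")

# Assumption: access log in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def canonical_path(target):
    """Decode and normalise a request target so padded or encoded paths still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(unquote(path)).replace("\\", "/")  # twice: catches %252f-style input
    path = re.sub(r"/{2,}", "/", path)                # collapse duplicate slashes
    return normpath(path).lower()                     # resolve "." and ".." segments

def scan(lines):
    """Return one finding per request that targeted a sensitive endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = canonical_path(m["target"])
        # Suffix match covers installs below the web root; "<file>/" covers PATH_INFO.
        if not any(path.endswith(s) or s + "/" in path for s in SENSITIVE):
            continue
        served = m["status"].startswith("2") and m["size"] not in ("0", "-")
        findings.append({"ip": m["ip"], "time": m["ts"], "path": path,
                         "status": int(m["status"]), "served": served})
    return findings

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Apr/2019:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "ExampleClient/1.0"',
    '198.51.100.23 - - [30/Apr/2019:10:02:40 +0000] "GET /setup/temp/admin.php HTTP/1.1" 200 312 "-" "ExampleClient/1.0"',
    '198.51.100.23 - - [30/Apr/2019:10:02:41 +0000] "GET /cms//setup/./temp/%64atabase.php?x=1 HTTP/1.1" 403 199 "-" "ExampleClient/1.0"',
    '192.0.2.50 - - [30/Apr/2019:10:03:05 +0000] "GET /docs/setup/temp/admin.php.txt HTTP/1.1" 404 0 "-" "ExampleClient/1.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        label = "CONTENT SERVED" if f["served"] else "request blocked or empty"
        print(f'{f["time"]} {f["ip"]} {f["path"]} -> {f["status"]} ({label})')
```

A finding with `served` set to true means the server returned a body for one of the endpoints, which is the case where the recommended administrator password change is most urgent.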
Affected Products
Doorgets