PT-2019-12425 · Doorgets · Doorgets

Published: 2019-04-30 · Updated: 2020-08-24 · CVE-2019-11618

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: doorGets version 7.0

Description: The issue allows a remote attacker to gain administrator privileges for creating and modifying articles. This can be achieved by exploiting a default administrator credential vulnerability, potentially by using an access token with a specific action on the /api/index.php endpoint, such as 'uri=blog&action=index&controller=blog'.

Recommendations: For doorGets version 7.0, change the default administrator credentials to prevent unauthorized access. As a temporary workaround, consider restricting access to the /api/index.php endpoint until a patch is available. Avoid using default credentials in production environments to minimize the risk of exploitation.
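The temporary workaround above (restricting access to /api/index.php) can be implemented at the web server. The following nginx location block is an added example for this advisory, not configuration from the doorGets project: it denies the API endpoint to everyone except an allowlisted administrative network. The allowlist range, the PHP-FPM socket path and the FastCGI parameters are assumptions that must be adapted to the actual deployment; the endpoint path itself comes from the advisory.

```nginx
# Added example: block doorGets /api/index.php for all clients except an
# administrative allowlist while the default-credential issue is unpatched.
# This must sit inside the server { } block that serves the doorGets vhost.
location = /api/index.php {
    # Placeholder admin network (RFC 5737 documentation range) - replace with
    # the real management subnet or remove the allow line to deny everyone.
    allow 192.0.2.0/24;
    deny  all;

    # Allowed clients still need PHP handling; socket path is an assumption.
    include       fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass  unix:/run/php/php-fpm.sock;
}
```

Because `location =` is an exact match it takes precedence over the generic `location ~ \.php$` handler, so the deny rule cannot be bypassed by the usual PHP location. Denied requests are logged as HTTP 403 in the access log, which gives a simple signal for any attempts to reach the endpoint from outside the allowlist. The restriction is a stop-gap only; the default administrator credentials still need to be changed.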


Related Identifiers

CVE-2019-11618

Affected Products

Doorgets