SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and previous versions allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote malicious users to execute arbitrary SQL commands.
Vulnerable Product |
---|
doorgets doorgets cms 3.0 |
doorgets doorgets cms |
doorgets doorgets cms 4.0 |