CVE-2014-1459

Published: 11/02/2014 Updated: 09/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and previous versions allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote malicious users to execute arbitrary SQL commands.

Vulnerable Product

doorgets doorgets cms 3.0

doorgets doorgets cms

doorgets doorgets cms 4.0

Exploits

Advisory ID: HTB23197
Product: doorGets CMS
Vendor: doorGets
Vulnerable Version(s): 52 and probably prior
Tested Version: 52
Advisory Publication: January 15, 2014 [without technical details]
Vendor Notification: January 15, 2014
Vendor Patch: January 15, 2014
Public Disclosure: February 5, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE ...
doorGets CMS version 52 suffers from a remote SQL injection vulnerability ...