Doorgets: >> Doorgets Cms Security Vulnerabilities
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre.
CVSS Score
4.9
EPSS Score
0.003
Published
2019-04-30
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVSS Score
6.5
EPSS Score
0.025
Published
2014-02-11
Page 3