doorGets 7.0 Access Token /api/index.php credentials management


A vulnerability was found in doorGets 7.0. It has been rated as critical. This issue affects an unknown functionality of the file /api/index.php of the component Access Token Handler. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be advisable.

| Field | 05/01/2019 01:56 PM | 06/05/2020 09:49 AM |
| --- | --- | --- |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1556582400 (04/30/2019) | 1556582400 (04/30/2019) |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2019-11618 | CVE-2019-11618 |
| cve_assigned | 1556582400 | 1556582400 |
| cve_nvd_summary | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. |
| seealso | 134265 134264 134263 134262 134260 134259 134258 134257 | 134265 134264 134263 134262 134260 134259 134258 134257 |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| 0day_days | 1 | 1 |
| cvss3_nvd_basescore | 9.8 | 9.8 |
| name | doorGets | doorGets |
| version | 7.0 | 7.0 |
| component | Access Token Handler | Access Token Handler |
| file | /api/index.php | /api/index.php |
| input_value | H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 | H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 |
| cwe | 255 (privilege escalation) | 255 (privilege escalation) |
| risk | 2 | 2 |
| historic | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 |
| cvss3_meta_tempscore | 8.5 | 8.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |

discoverydate 1556496000
