doorGets 7.0 Access Token /api/index.php credentials management


A vulnerability was found in doorGets 7.0. It has been rated as critical. This issue affects an unknown functionality of the file /api/index.php of the component Access Token Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.


| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 8930271 | 06/05/2020 | VulD... | discoverydate | 1556496000 | | 06/05/2020 | accepted | 100 |
| 8930322 | 05/01/2019 | VulD... | cvss3_nvd_basescore | 9.8 | nist.gov | 05/01/2019 | accepted | 90 |
| 8930321 | 05/01/2019 | VulD... | 0day_days | 1 | | 05/01/2019 | accepted | 90 |
| 8930320 | 05/01/2019 | VulD... | cvss3_vuldb_rc | X | | 05/01/2019 | accepted | 90 |
| 8930319 | 05/01/2019 | VulD... | cvss3_vuldb_rl | X | | 05/01/2019 | accepted | 90 |
| 8930318 | 05/01/2019 | VulD... | cvss3_vuldb_e | X | | 05/01/2019 | accepted | 90 |
| 8930317 | 05/01/2019 | VulD... | cvss2_vuldb_rc | ND | | 05/01/2019 | accepted | 90 |
| 8930316 | 05/01/2019 | VulD... | cvss2_vuldb_rl | ND | | 05/01/2019 | accepted | 90 |
| 8930315 | 05/01/2019 | VulD... | cvss2_vuldb_e | ND | | 05/01/2019 | accepted | 90 |
| 8930314 | 05/01/2019 | VulD... | seealso | 134265 134264 134263 134262 134260 134259 134258 134257 | | 05/01/2019 | accepted | 100 |
| 8930313 | 05/01/2019 | VulD... | cve_nvd_summary | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | mitre.org | 05/01/2019 | accepted | 100 |
| 8930312 | 05/01/2019 | VulD... | cve_assigned | 1556582400 | mitre.org | 05/01/2019 | accepted | 100 |
| 8930311 | 05/01/2019 | VulD... | cve | CVE-2019-11618 | mitre.org | 05/01/2019 | accepted | 100 |
| 8930310 | 05/01/2019 | VulD... | price_0day | $0-$5k | see documentation | 05/01/2019 | accepted | 100 |
| 8930309 | 05/01/2019 | VulD... | date | 1556582400 (04/30/2019) | | 05/01/2019 | accepted | 100 |
| 8930308 | 05/01/2019 | VulD... | cvss3_nvd_a | H | nist.gov | 05/01/2019 | accepted | 100 |
| 8930307 | 05/01/2019 | VulD... | cvss3_nvd_i | H | nist.gov | 05/01/2019 | accepted | 100 |
| 8930306 | 05/01/2019 | VulD... | cvss3_nvd_c | H | nist.gov | 05/01/2019 | accepted | 100 |
| 8930305 | 05/01/2019 | VulD... | cvss3_nvd_s | U | nist.gov | 05/01/2019 | accepted | 100 |
| 8930304 | 05/01/2019 | VulD... | cvss3_nvd_ui | N | nist.gov | 05/01/2019 | accepted | 100 |
