doorGets 7.0 Access Token /api/index.php privilege escalation


A vulnerability rated critical has been found in doorGets 7.0. It affects an unknown function of the file /api/index.php in the Access Token Handler component. No information about a possible countermeasure is currently available. Replacing the product with an equivalent one is suggested.

| Field | 01/05/2019 13:56 | 05/06/2020 09:49 |
| --- | --- | --- |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1556582400 (30/04/2019) | 1556582400 (30/04/2019) |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2019-11618 | CVE-2019-11618 |
| cve_assigned | 1556582400 | 1556582400 |
| cve_nvd_summary | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. |
| seealso | 134265 134264 134263 134262 134260 134259 134258 134257 | 134265 134264 134263 134262 134260 134259 134258 134257 |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| 0day_days | 1 | 1 |
| cvss3_nvd_basescore | 9.8 | 9.8 |
| name | doorGets | doorGets |
| version | 7.0 | 7.0 |
| component | Access Token Handler | Access Token Handler |
| file | /api/index.php | /api/index.php |
| input_value | H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 | H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 |
| cwe | 255 (privilege escalation) | 255 (privilege escalation) |
| risk | 2 | 2 |
| historic | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 |
| cvss3_meta_tempscore | 8.5 | 8.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |

discoverydate 1556496000
