CVE-2019-11618

doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator…

mitre·CWE-1188·Published 2019-04-30

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

323 chars

doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.

NVDen

323 chars

NVDes

369 chars

doorGets 7.0 tiene una vulnerabilidad predeterminada de credenciales de administrador. Un atacante remoto puede utilizar esta vulnerabilidad para obtener privilegios de administrador para la creación y modificación de artículos a través de un access_token H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 en un uri=blog&action=index&controller=blog action to /api/index.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H