SQL Injection Vulnerability in DoorGets 7.0: Remote Privilege Escalation and Database Exposure

CVE-2019-11623 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote user with back-end administrator privileges (or a user with permission to manage the siteweb configuration) could exploit the vulnerability to obtain sensitive information from the database.
