SQL Injection Vulnerability in DoorGets 7.0: Unauthorized Database Access via Analytics Configuration

SQL Injection Vulnerability in DoorGets 7.0: Unauthorized Database Access via Analytics Configuration

CVE-2019-11619 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.