SQL Injection Vulnerability in doorGets 7.0: Unauthorized Database Access via modulecategory_edit_titre

SQL Injection Vulnerability in doorGets 7.0: Unauthorized Database Access via modulecategory_edit_titre

CVE-2019-11622 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.