DoorGets CMS Information Disclosure Scanner
Detects 'Information Disclosure' vulnerability in DoorGets CMS affects v. 7.0. This vulnerability allows remote unauthenticated attackers to obtain sensitive administrator information.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
17 days 21 hours
Scan only one
URL
Toolbox
-
DoorGets CMS is a content management system designed for ease of use and flexibility. It is commonly used by small to medium-sized businesses to manage website content efficiently. DoorGets offers features such as multilingual support, a responsive design, and a variety of modules to extend its functionality. This CMS is utilized by administrators and web managers who require a user-friendly interface. It is deployed in environments where quick updates and content changes are frequently made. DoorGets is often chosen for its simplicity and the ability to install and manage without in-depth technical knowledge.
The Information Disclosure vulnerability in DoorGets CMS v7.0 allows unauthorized access to sensitive data. This flaw is present in a specific setup file which can be exploited by attackers. Information such as administrator credentials can be disclosed without the need for authentication. The vulnerability arises due to inadequate access controls on specific files containing sensitive data. An attacker exploiting this issue can leverage publicly accessible URLs to extract information. This kind of vulnerability can lead to severe security breaches as unauthorized users gain access to protected data.
Technical details of the vulnerability reveal that the file /setup/temp/admin.php is improperly secured. When accessed, this file exposes sensitive data such as email and password fields to unauthenticated users. The vulnerability is present because sensitive information isn't adequately protected during the initial setup process. Default settings allow potential attackers to access content meant to be restricted. The endpoint affected is significant as it pertains to administrative credentials crucial for system management. This weak configuration opens up avenues for exploitation without requiring user intervention.
If exploited, this vulnerability can lead to severe consequences. Unauthorized parties might gain access to the admin panel, potentially altering website content or configuration. Such events could compromise the integrity and availability of the site. Additionally, attackers could extract credentials to infiltrate other systems if reused passwords are in place. This misuse of disclosed information could lead to data breaches and a loss of user trust. Overall, the breach of sensitive information could have long-term detrimental effects on the affected organization.
REFERENCES
