CVE-2019-11616

9.8 CRITICAL

📋 TL;DR

doorGets 7.0 contains sensitive information disclosure vulnerabilities in temporary setup files that expose administrator credentials. Remote unauthenticated attackers can access these files to obtain the administrator password. This affects all doorGets 7.0 installations with the vulnerable setup files present.

💻 Affected Systems

Products:
  • doorGets CMS
Versions: 7.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in temporary setup files that should be removed after installation but often remain accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining administrative access, potentially leading to data theft, website defacement, or installation of backdoors.

🟠 Likely Case

Attacker obtains administrator credentials and gains full control of the doorGets CMS, allowing content manipulation and further system access.

🟢 If Mitigated

No impact if vulnerable files are removed or access is properly restricted.

🌐 Internet-Facing: HIGH - Directly accessible via web without authentication, making exploitation trivial for any internet-facing installation.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats but requires network access to the system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web browser access to the vulnerable URLs. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Remove the vulnerable files: /setup/temp/admin.php and /setup/temp/database.php
2. Change all administrator passwords
3. Ensure no other temporary setup files remain accessible

🔧 Temporary Workarounds

Remove vulnerable files

linux

Delete the temporary setup files that contain sensitive information

rm /path/to/doorgets/setup/temp/admin.php
rm /path/to/doorgets/setup/temp/database.php

Restrict access via web server

all

Block access to /setup/temp/ directory using web server configuration

# Apache: Add to .htaccess in setup/temp/
# (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use: Require all denied)
Deny from all
# Nginx: Add to server block
location /setup/temp/ { deny all; }

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the doorGets installation
  • Deploy web application firewall rules to block access to /setup/temp/ paths

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[target]/setup/temp/admin.php and http://[target]/setup/temp/database.php. If the files are accessible and contain credentials, the system is vulnerable.

Check Version:

Check the doorGets version in the administration panel, or look for version information in the source files.

Verify Fix Applied:

Verify the files no longer exist or return 403/404 errors when accessed via web browser.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to /setup/temp/admin.php or /setup/temp/database.php
  • Unusual admin login patterns after file access

Network Indicators:

  • HTTP GET requests to /setup/temp/admin.php or /setup/temp/database.php from external IPs

SIEM Query:

web_access_logs WHERE (url LIKE '%/setup/temp/admin.php%' OR url LIKE '%/setup/temp/database.php%') AND response_code = 200
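
The log indicator above, implemented as an added example (not part of the original advisory or of doorGets): a Python scan of access-log lines that goes beyond the LIKE query by decoding and normalising the request path first, so percent-encoded or slash-padded requests for the same two files still match. It assumes common/combined log format; the function names and the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# The two paths this advisory names.
SENSITIVE = {"/setup/temp/admin.php", "/setup/temp/database.php"}

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Canonicalise a request target so encoded or padded variants still match."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0]).replace("\\", "/")
    # Collapse duplicate slashes and ./.. segments; lower-case because some
    # deployments sit on case-insensitive filesystems.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def classify(line):
    """Return a finding dict for a request to a sensitive path, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = normalize(m["target"])
    if path not in SENSITIVE:
        return None
    status = int(m["status"])
    # Any 2xx means content was served; every other status is recorded as a probe.
    verdict = "EXPOSED" if 200 <= status < 300 else "probe"
    return {"ip": m["ip"], "ts": m["ts"], "path": path,
            "status": status, "verdict": verdict}

def scan(lines):
    """Classify every line and keep only requests for the sensitive paths."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2019:10:01:02 +0000] "GET /setup/temp/admin.php HTTP/1.1" 200 412 "-" "curl/7.64.0"
198.51.100.9 - - [12/May/2019:10:03:40 +0000] "GET /setup/temp/%64atabase.php?x=1 HTTP/1.1" 200 388 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2019:10:04:11 +0000] "GET //setup/./temp/admin.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [12/May/2019:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines()):
        print(f'{h["verdict"]:8} {h["status"]} {h["ip"]:15} {h["ts"]} {h["path"]}')
```

An EXPOSED finding means the file was served, so the administrator password should be treated as disclosed and changed as described in the fix instructions.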
