CVE-2014-1459

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
11/02/2014
Last modified:
11/04/2025

Description

SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:doorgets:doorgets_cms:*:*:*:*:*:*:*:* 5.2 (including)
cpe:2.3:a:doorgets:doorgets_cms:3.0:*:*:*:*:*:*:*
cpe:2.3:a:doorgets:doorgets_cms:4.0:*:*:*:*:*:*:*