/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server.
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Link | Tags |
---|---|
https://github.com/itodaro/doorGets_cve | third party advisory exploit |