There is login bypass in doracms2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the return package with the return package after a system successfully logs in.
[Vulnerability proof]
Step 1:Log in to the system through the default account doracms and record the returned package.
Step 2:Use this return package to log in to other doracms systems.
Step 3:Successfully bypassed login to enter the system.
There is login bypass in doracms2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the return package with the return package after a system successfully logs in. [Vulnerability proof] Step 1:Log in to the system through the default account doracms and record the returned package. Step 2:Use this return package to log in to other doracms systems. Step 3:Successfully bypassed login to enter the system.