dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
8.8 CVSS
8.6 AI Score
0.001 EPSS
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter.
7.5 CVSS
7.5 AI Score
0.002 EPSS