Doorgets · Doorgets · CVE-2018-11126
**Name of the Vulnerable Software and Affected Versions**
doorGets version 7.0
**Description**
A cross-site request forgery (CSRF) vulnerability in the `dg-user/?controller=users&action=add` API endpoint can lead to the addition of an administrator account.
**Recommendations**
For doorGets version 7.0, consider restricting access to the `dg-user/?controller=users&action=add` endpoint until a patch is available. As a temporary workaround, implement CSRF protection measures to prevent unauthorized requests.
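
One way to apply the temporary workaround above, as an added example that is not doorGets code or an official patch: a PHP guard that rejects any request to the affected endpoint unless its `Origin` or `Referer` header names the site's own host. The host `cms.example.test`, the `dg_*` function names, PHP 7.1+ and loading the file through `auto_prepend_file` are assumptions.

```php
<?php
// Added example, not doorGets code. Assumptions: PHP 7.1+, and this file runs
// before the application (for instance via PHP's auto_prepend_file setting).

// Hosts the admin interface is legitimately served from (constructed placeholder).
const DG_ALLOWED_HOSTS = ['cms.example.test'];

/** True when the request targets the endpoint named in the advisory. */
function dg_is_user_add(string $requestUri, array $query): bool
{
    // Decode the raw path so encoded or doubled-slash variants still match.
    $path = rawurldecode(explode('?', $requestUri, 2)[0]);
    return stripos($path, '/dg-user/') !== false
        && ($query['controller'] ?? null) === 'users'
        && ($query['action'] ?? null) === 'add';
}

/** True when Origin (or, if absent, Referer) names an allowed host. */
function dg_same_origin(?string $origin, ?string $referer, array $allowed): bool
{
    $source = ($origin !== null && $origin !== '') ? $origin : $referer;
    if ($source === null || $source === '') {
        return false; // fail closed: no provenance header at all
    }
    $host = parse_url($source, PHP_URL_HOST); // an Origin of "null" has no host
    return is_string($host) && in_array(strtolower($host), $allowed, true);
}

/** Decision for one request; every HTTP method is checked, not only POST. */
function dg_request_allowed(array $server, array $query, array $allowed): bool
{
    if (!dg_is_user_add($server['REQUEST_URI'] ?? '/', $query)) {
        return true; // not the affected endpoint
    }
    return dg_same_origin(
        $server['HTTP_ORIGIN'] ?? null,
        $server['HTTP_REFERER'] ?? null,
        $allowed
    );
}

if (PHP_SAPI !== 'cli' && !dg_request_allowed($_SERVER, $_GET, DG_ALLOWED_HOSTS)) {
    http_response_code(403);
    error_log('Blocked cross-site request to dg-user users/add from '
        . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    exit('Forbidden');
}
```

Because the check fails closed, opening the form from a bookmark or a typed URL is rejected as well, so administrators need to reach it through a link inside the admin interface. The `error_log` entries give a record of blocked requests to review while the workaround is in place.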