This is a functional CSRF (Cross-Site Request Forgery) exploit for Doorgets CMS. It allows an attacker to modify site configuration settings by tricking an authenticated admin into submitting a malicious form. The PoC demonstrates the vulnerability with a crafted form that submits to the admin configuration endpoint; the attacker does not need to authenticate directly.
Classification:
Working PoC 95%
Target:
Doorgets CMS (version unspecified)
No auth needed
Prerequisites:
Victim must be authenticated as an admin · Victim must visit the malicious HTML page