ID CVE-2019-1010096 Type cve Reporter cve@mitre.org Modified 2019-10-30T15:15:00
Description
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
{"id": "CVE-2019-1010096", "bulletinFamily": "NVD", "title": "CVE-2019-1010096", "description": "DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.", "published": "2019-07-18T13:15:00", "modified": "2019-10-30T15:15:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010096", "reporter": "cve@mitre.org", "references": ["https://github.com/domainmod/domainmod/issues/65"], "cvelist": ["CVE-2019-1010096"], "type": "cve", "lastseen": "2020-10-03T13:38:37", "edition": 4, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310113327"]}], "modified": "2020-10-03T13:38:37", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2020-10-03T13:38:37", "rev": 2}, "vulnersScore": 3.6}, "cpe": ["cpe:/a:domainmod:domainmod:4.10.0"], "affectedSoftware": [{"cpeName": "domainmod:domainmod", "name": "domainmod", "operator": "eq", "version": "4.10.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:domainmod:domainmod:4.10.0:*:*:*:*:*:*:*"], "cwe": ["CWE-352"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:domainmod:domainmod:4.10.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"openvas": [{"lastseen": "2019-10-09T14:28:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19749", "CVE-2018-19913", "CVE-2018-20010", "CVE-2018-19752", "CVE-2018-19136", "CVE-2018-19914", "CVE-2018-20011", "CVE-2018-19750", "CVE-2019-1010096", "CVE-2018-19892", "CVE-2018-19137", "CVE-2018-20009", "CVE-2018-11558", "CVE-2018-19751", "CVE-2019-1010095", "CVE-2018-19915", "CVE-2019-1010094", "CVE-2018-11559"], "description": "DomainMOD is prone to multiple vulnerabilities.", "modified": "2019-10-07T00:00:00", "published": "2019-01-22T00:00:00", "id": "OPENVAS:1361412562310113327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113327", "type": "openvas", "title": "DomainMOD < 4.12.0 Multiple Vulnerabilities", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113327\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-22 15:55:07 +0200 (Tue, 22 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-11558\", \"CVE-2018-11559\", \"CVE-2018-19136\", \"CVE-2018-19137\", \"CVE-2018-19749\", \"CVE-2018-19750\",\n \"CVE-2018-19751\", \"CVE-2018-19752\", \"CVE-2018-19892\", \"CVE-2018-19913\", \"CVE-2018-19914\",\n \"CVE-2018-19915\", \"CVE-2018-20009\", \"CVE-2018-20010\", \"CVE-2018-20011\", \"CVE-2019-1010094\",\n \"CVE-2019-1010095\", \"CVE-2019-1010096\");\n\n script_name(\"DomainMOD < 4.12.0 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_domainmod_http_detect.nasl\");\n script_mandatory_keys(\"domainmod/detected\");\n\n script_tag(name:\"summary\", value:\"DomainMOD is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS in the '/settings/profile/index.php' new_first_name parameter\n\n - Stored XSS in the '/settings/profile/index.php' new_last_name parameter\n\n - XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field\n\n - XSS via the assets/add/account-owner.php Owner name field\n\n - XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields\n\n - XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields\n\n - XSS via the assets/add/registrar.php notes field for the Registrar\n\n - XSS via the assets/edit/registrar-account.php raid parameter\n\n - XSS via the assets/edit/ip-address.php ipid parameter\n\n - XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field\n\n - XSS via the assets/add/ssl-provider-account.php username field\n\n - XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field\n\n - XSS via the assets/add/dns.php Profile Name or notes field\n\n - XSS via the assets/edit/host.php Web Host Name or Web Host URL field\n\n - CSRF in /settings/password that allows an attacker to change the admin password\n\n - CSRF in /admin/users/add.php allows an attacker to add an administrator account\n\n - CSRF in /admin/users/edit.php?uid=2 allows an attacker to change the read-only user to admin\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to craft a malicious\n link containing arbitrary JavaScript or HTML or perform actions in the context of another user.\");\n script_tag(name:\"affected\", value:\"DomainMOD prior to version 4.12.0.\");\n script_tag(name:\"solution\", value:\"Update to DomainMOD version 4.12.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/65\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/66\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/81\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/82\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/83\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/84\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/86\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/87\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/88\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79#issuecomment-460035220\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:domainmod:domainmod\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );\n\nif( version_is_less( version: version, test_version: \"4.12.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.12.0\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
