CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

CVE-2019-1010096

DomainMOD v4.10.0 contains a Cross Site Request Forgery (CSRF) vulnerability that can elevate a user’s privilege from read-only to administrator. The vulnerability is triggered via the admin/users/edit.php?uid=2 component after an administrator logs in and visits a crafted HTML page, enabling an ...