Domainmod : Security Vulnerabilities, CVEs, (CSRF)
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
Max CVSS
4.3
EPSS Score
0.06%
Published
2021-08-12
Updated
2021-08-18
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-10-30
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-10-30
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-07-19
4 vulnerabilities found