CVE-2018-1000846

Name of the Vulnerable Software and Affected Versions FreshDNS versions 1.0.3 and earlier

Description The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability that affects all authenticated API calls in index.php and class.manager.php. This can lead to the editing of domains and zones with the victim's privileges. The attack is exploitable if the victim opens a website containing the attacker's JavaScript.

Recommendations For FreshDNS versions 1.0.3 and earlier, update to version 1.0.5 or later to resolve the issue.