CVE-2019-1010095

Name of the Vulnerable Software and Affected Versions: DomainMOD version 4.10.0

Description: The issue allows for Cross Site Request Forgery (CSRF) attacks, which can lead to the addition of an administrator account. The vulnerable component is the admin/users/add.php page. The attack can occur after an administrator has logged in and an attacker opens a malicious HTML page.

Recommendations: For DomainMOD version 4.10.0, as a temporary workaround, consider restricting access to the admin/users/add.php page until a patch is available. Additionally, avoid performing administrative tasks on untrusted networks or devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.