CVE-2019-1010096

Name of the Vulnerable Software and Affected Versions: DomainMOD version 4.10.0

Description: The issue allows for a Cross Site Request Forgery (CSRF) attack, which can change a read-only user to an admin. The component affected is the "admin/users/edit.php?uid=2" endpoint. The attack can occur after an administrator has logged in and an HTML page is opened.

Recommendations: For DomainMOD version 4.10.0, as a temporary workaround, consider restricting access to the "admin/users/edit.php?uid=2" endpoint until a patch is available. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.