PT-2018-9570 · Freshdns · Freshdns

Luelistao

Published

2018-12-20

Updated

2019-01-08

CVE-2018-1000846

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreshDNS versions 1.0.3 and earlier

Description The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability that affects all authenticated API calls in index.php and class.manager.php. This can lead to the editing of domains and zones with the victim's privileges. The attack is exploitable if the victim opens a website containing the attacker's JavaScript.

Recommendations For FreshDNS versions 1.0.3 and earlier, update to version 1.0.5 or later to resolve the issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-1000846

Affected Products

Freshdns

PT-2018-9570 · Freshdns · Freshdns

CVE-2018-1000846

Weakness Enumeration

Related Identifiers

Affected Products

References · 4