FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website containing attacker's javascript. This vulnerability appears to have been fixed in 1.0.5 and later.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-20T15:00:00Z
Updated: 2024-09-16T22:02:36.082Z
Reserved: 2018-12-20T00:00:00Z
Link: CVE-2018-1000846
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-12-20T15:29:02.190
Modified: 2019-01-08T13:13:28.543
Link: CVE-2018-1000846
Redhat
No data.