CVE-2020-13231
MEDIUMCacti < 1.2.11 - Cross-Site Request Forgery via Admin Email Change
Title source: llmDescription
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
References (4)
Core 4
Core References
Release Notes x_refsource_misc
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Cacti/cacti/issues/3342
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO/
Scores
CVSS v3
6.5
EPSS
0.0085
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (3)
cacti/cacti
< 1.2.11
fedoraproject/fedora
31
fedoraproject/fedora
32
Published
May 20, 2020
Tracked Since
Feb 18, 2026