CVE-2020-13231

MEDIUM

Cacti < 1.2.11 - Cross-Site Request Forgery via Admin Email Change

Title source: llm
STIX 2.1

Description

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

References (4)

Core 4
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Cacti/cacti/issues/3342

Scores

CVSS v3 6.5
EPSS 0.0085
EPSS Percentile 53.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (3)
cacti/cacti < 1.2.11
fedoraproject/fedora 31
fedoraproject/fedora 32
Published May 20, 2020
Tracked Since Feb 18, 2026