Описание
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-13231
- https://github.com/Cacti/cacti/issues/3342
- https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 5 лет назад
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
CVSS3: 6.5
nvd
больше 5 лет назад
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
CVSS3: 6.5
debian
больше 5 лет назад
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...