Launchpad.net

CVE 2020-13231

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

See the CVE page on Mitre.org for more details.