PT-2020-13387 · Cacti+3 · Cacti+3

Sh0Lt

Published

2020-05-20

Updated

2025-01-24

CVE-2020-13231

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.11

Description The issue allows for a Cross-Site Request Forgery (CSRF) attack, which can be used to change an admin's email address. This can be achieved through the "auth profile.php?action=edit" endpoint.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the "auth profile.php?action=edit" endpoint to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALT-PU-2020-3394

ALT-PU-2020-3430

ALT-PU-2025-1813

CVE-2020-13231

USN-5214-1

Affected Products

Alt Linux

Cacti

Linuxmint

Ubuntu

PT-2020-13387 · Cacti+3 · Cacti+3

CVE-2020-13231

Weakness Enumeration

Related Identifiers

Affected Products

References · 39