Repository settings are vulnerable to CSRF in ikus060/rdiffweb
Sep 19th 2022
A malicious user can change the settings of a repository by sending a URL to the victim.
Proof of Concept
1. Log in to the application: https://rdiffweb-demo.ikus-soft.com/settings/admin/test-encoding
2. Go to test-encoding.
3. Check that the value of "remove older" is "forever".
5. Refresh the page.
6. The setting is updated.
A malicious user can change the settings of a repository.
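
A server-side check that stops this class of request, as an added example (not rdiffweb's own code or its actual fix): settings are applied only on a same-origin POST, and a GET never applies anything. The host name, the function names and the remove_older field are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
APP_ORIGIN = "https://rdiffweb.example"  # placeholder host (assumption)


def origin_of(url):
    """Return scheme://host[:port] for an absolute URL, else None."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_settings_request(method, headers, form, app_origin=APP_ORIGIN):
    """Return (allowed, fields_to_apply, reason) for a settings request."""
    method = method.upper()
    if method in SAFE_METHODS:
        # Safe methods only render the page: nothing is ever applied,
        # so a link opened by a logged-in user cannot change a setting.
        return True, {}, "read-only"
    if method != "POST":
        return False, {}, "method not allowed"
    # Browsers attach Origin to cross-site POSTs; fall back to Referer.
    source = headers.get("Origin") or headers.get("Referer")
    if origin_of(source) != app_origin.lower():
        return False, {}, "cross-origin or missing Origin/Referer"
    return True, dict(form), "same-origin POST"


# Constructed sample requests: (method, headers, submitted fields).
# "remove_older" is a hypothetical field name for the "remove older" setting.
SAMPLES = [
    ("GET", {}, {"remove_older": "30"}),
    ("POST", {"Origin": "https://other.example"}, {"remove_older": "30"}),
    ("POST", {"Origin": "null"}, {"remove_older": "30"}),
    ("POST", {"Referer": APP_ORIGIN + "/settings/"}, {"remove_older": "30"}),
]


def run_samples():
    return [check_settings_request(m, h, f) for m, h, f in SAMPLES]


if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample[0], sample[1], "->", result)
```

A per-session anti-CSRF token and a SameSite attribute on the session cookie complement the origin check.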