In Cacti prior to 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
cacti cacti
fedoraproject fedora 31
fedoraproject fedora 32