Cross-site Request Forgery (CSRF)
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists in repository and user deletions because the server accepts the GET request for deleting repositories and users which allows an attacker to cause a CSRF attack...