The change email ID request is vulnerable to CSRF. An attacker can change the email ID of the user.
1. Log in to the application https://rdiffweb-demo.ikus-soft.com.
2. Open the URL https://rdiffweb-demo.ikus-soft.com/prefs/general?username=admin&email=csrf%40test.com&action=set_profile_info.
3. The email ID of the user is changed.
4. The email ID is changed.
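A server-side check that would reject the request in step 2, as an added example (not rdiffweb's own code). The helper name `check_request`, the `csrf_token` form field, and treating any `action` parameter as state-changing are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Assumption: the application's own origin, taken from the URL in the report.
TRUSTED_ORIGIN = "https://rdiffweb-demo.ikus-soft.com"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Return scheme://host[:port] of a URL, or None if it has no host."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method, url, headers, form, session_csrf_token):
    """Return (allowed, reason) for a request to the preferences page.

    Hypothetical helper: a request carrying an 'action' parameter changes
    state, so it must be a POST from our own origin with the session's token.
    """
    query = parse_qs(urlsplit(url).query)
    changes_state = "action" in query or "action" in form
    if method.upper() in SAFE_METHODS:
        # Safe methods must never trigger an action (the flaw in the report).
        return (not changes_state,
                "action via safe method" if changes_state else "read only")
    source = headers.get("Origin") or headers.get("Referer")
    if origin_of(source) != TRUSTED_ORIGIN:
        return (False, "cross-origin or missing Origin/Referer")
    sent = form.get("csrf_token", "")
    if not session_csrf_token or not hmac.compare_digest(
            sent.encode(), session_csrf_token.encode()):
        return (False, "missing or wrong CSRF token")
    return (True, "ok")


# Constructed sample data: a per-session token and the URL from step 2.
TOKEN = secrets.token_urlsafe(32)
REPORT_URL = (TRUSTED_ORIGIN + "/prefs/general?username=admin"
              "&email=csrf%40test.com&action=set_profile_info")
FORM = {"action": "set_profile_info", "email": "user@example.com",
        "csrf_token": TOKEN}

if __name__ == "__main__":
    print(check_request("GET", REPORT_URL, {}, {}, TOKEN))
    print(check_request("POST", TRUSTED_ORIGIN + "/prefs/general",
                        {"Origin": TRUSTED_ORIGIN}, FORM, TOKEN))
```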