CVE-2020-10540

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.