rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users.