Description
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Remediation
References
Related Vulnerabilities
WordPress Plugin Style Kits-Advanced Theme Styles for Elementor Cross-Site Request Forgery (1.8.0)
WordPress Plugin Erident Custom Login and Dashboard Cross-Site Request Forgery (3.4.1)
Ruby Improper Input Validation Vulnerability (CVE-2009-4492)
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)
WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)