Description
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Remediation
References
Related Vulnerabilities
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3732)
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2015-3416)
D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)
WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.20)