An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
debian debian linux 9.0 |