CVE-2016-9127

Revive Adserver prior to 3.2.3 is affected by a CSRF vulnerability in the password recovery form, enabling an attacker to trigger mass password recovery emails to registered users. The issue, together with a related bug that could send recovery emails to all users, has been fixed in version 3.2.3...