WEB APPLICATION VULNERABILITIES Standard & Premium

Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)

Description

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.

Remediation

References

Related Vulnerabilities

MySQL CVE-2016-0641 Vulnerability (CVE-2016-0641)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3662)

WordPress Plugin Dean's FCKEditor with pwwang's code Arbitrary File Upload (1.0.0)

WordPress Plugin WordPress Automatic Security Bypass (3.53.2)

Severity

Critical

Classification

CVE-2019-10641 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities