Description ProjectSend before r1070 writes user passwords to the server logs. Remediation References CVE-2019-11492 Related Vulnerabilities WordPress Plugin Royal Gallery 'upload.php' Arbitrary File Upload (2.1) Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-6264) WordPress 4.7.x Cross-Domain Flash Injection Vulnerability (4.7 - 4.7.8) Claroline Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3716) MySQL CVE-2015-2620 Vulnerability (CVE-2015-2620) Severity High Classification CVE-2019-11492 CWE-532 Tags Missing Update Known Vulnerabilities