Description

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

Remediation

References

CVE-2019-14537

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.34)

WordPress Plugin Form Builder CP Cross-Site Scripting (1.2.14)

WordPress Plugin Media Tags Cross-Site Scripting (3.2.0.2)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Security Bypass (3.2.13)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13592)

Severity

Critical

Classification

CVE-2019-14537 CWE-843 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities