Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)

Description

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.

Remediation

References

Related Vulnerabilities

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Cross-Site Scripting (2.3.18)

OpenSSL Key Management Errors Vulnerability (CVE-2016-7055)

WordPress Plugin Brute Force Login Protection Cross-Site Scripting (1.5.2)

Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46137)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4900)

Severity

Critical

Classification

CVE-2019-10641 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities