Description Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Remediation References CVE-2019-10641 Related Vulnerabilities WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (4.6.0.3) Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-0448) WordPress Other Vulnerability (CVE-2006-1796) WordPress Other Vulnerability (CVE-2007-1622) WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.29) Severity Critical Classification CVE-2019-10641 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities