Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.

Remediation

References

CVE-2019-10911

Related Vulnerabilities

WordPress Plugin MF Gig Calendar 'page_id' Parameter Cross-Site Scripting (0.9.4.1)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)

WordPress Plugin Zedity:The Easiest Way To Create Posts & Pages Cross-Site Scripting (2.5.0)

WordPress Plugin WP Fastest Cache Directory Traversal (0.8.9.5)

Piwigo Improper Access Control Vulnerability (CVE-2016-10514)

Severity

High

Classification

CVE-2019-10911 CWE-287 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities