Description

ProjectSend before r1070 writes user passwords to the server logs.

Remediation

References

CVE-2019-11492

Related Vulnerabilities

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8109)

Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-15839)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2008-4096)

WordPress Cross-Domain Flash Injection Vulnerability (0.70 - 3.6.1)

PHP Other Vulnerability (CVE-2007-1649)

Severity

High

Classification

CVE-2019-11492 CWE-532

Tags

Missing Update Known Vulnerabilities