Description

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

Remediation

References

CVE-2019-12203

Related Vulnerabilities

WordPress Plugin Sina Extension for Elementor Local File Inclusion (2.2.0)

ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)

Oracle Database Server CVE-2009-1992 Vulnerability (CVE-2009-1992)

TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108)

MySQL Other Vulnerability (CVE-2009-4019)

Severity

Medium

Classification

CVE-2019-12203 CWE-384 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities