Weak Password Recovery in Contao CMS by Contao GmbH
CVE-2019-10641
9.8CRITICAL
What is CVE-2019-10641?
Certain versions of Contao CMS exhibit a vulnerability in their password recovery system, which may allow unauthorized access to user accounts. Specifically, users with versions prior to 3.5.39 in the 3.x series and before 4.7.3 in the 4.x series are at risk due to inadequacies in the mechanism for recovering forgotten passwords. This flaw could potentially be exploited by attackers to compromise user accounts and sensitive data.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved