Contao news

Read the official Contao announcements.

Security vulnerability CVE-2019-10641


Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. The security vulnerability has the identifier CVE-2019-10641.

The problem affects all Contao versions and has been fixed in Contao 3.5.39, Contao 4.4.37 and Contao 4.7.3.

Back to news overview.


Add a comment

Please add 6 and 3.