Here you will find a list of vulnerabilities that have already been found and fixed in Contao.
Session invalidation upon password changes
CVE ID: CVE-2019-10641
Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end.
Affected versions:
Contao 3.5 up to 3.5.38
Contao 4.4 up to 4.4.36
Contao 4.7 up to 4.7.2
Update to Contao 3.5.39, 4.4.37 or 4.7.3.
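A version check against the ranges listed above, as an added example (not part of the advisory or of Contao's code). It assumes the core version is read from `composer.lock` under the package names `contao/core-bundle` or `contao/core`; branches the advisory does not list are reported as `not-listed` rather than treated as safe.

```python
import json
import re

# Ranges copied from the advisory: (major, minor) branch -> first fixed patch release.
FIXED_IN = {(3, 5): 39, (4, 4): 37, (4, 7): 3}
# Assumption: Composer package names whose version equals the Contao core version.
CORE_PACKAGES = ("contao/core-bundle", "contao/core")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for a version string."""
    # Only plain X.Y.Z (optionally prefixed with 'v') is accepted; branch aliases
    # and pre-release tags cannot be mapped onto the advisory's ranges.
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.groups())
    first_fixed = FIXED_IN.get((major, minor))
    if first_fixed is None:
        return "not-listed"  # branch absent from the advisory; do not read as safe
    return "affected" if patch < first_fixed else "fixed"


def scan_lock(lock_text):
    """Map each Contao core package in composer.lock text to (version, verdict)."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    return {
        p["name"]: (p.get("version", ""), classify(p.get("version", "")))
        for p in packages
        if p.get("name") in CORE_PACKAGES
    }


# Constructed sample lock file, trimmed to the fields the scan reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "contao/core-bundle", "version": "4.4.36"},
        {"name": "symfony/http-foundation", "version": "v3.4.24"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, (version, verdict) in scan_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {verdict}")
    for v in ("3.5.39", "4.7.2", "4.6.0", "dev-master"):
        print(v, classify(v))
```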
If you think that you have found a security issue in Contao, please report it according to our security policy.