Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Contao's remember-me tokens will not be cleared after a password change
Vulnerability Description
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable "Allow auto login" in the login module.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Contao 安全漏洞
Vulnerability Description
Contao是一套采用PHP开发的开源内容管理系统(CMS)。该系统支持搜索引擎、权限管理和CSS框架等。 Contao 4.13.40 之前版本存在安全漏洞,该漏洞源于当前端更改密码后,令牌不会被清除。
CVSS Information
N/A
Vulnerability Type
N/A