CVE-2019-10641: Existing sessions are not correctly invalidated when a user changes their password

Severity: Critical

CVSS Score: 9.8

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.