2 matches found
CVE-2019-11018
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change...
CVE-2019-11018
ThinkAdmin V4.0 contains a vulnerability in the file application/admin/controller/User.php where administrator cookie-based credentials remain valid after a password change. The affected software/version is ThinkAdmin 4.0; root cause is improper invalidation of existing login cookies upon passwor...