CVE-2019-7649
CMSWing 1.3.7 contains a weakness in global.encryptPassword (bootstrap/global.js) where password hashing relies on multiple MD5 operations. This is documented as a weak‑encryption vulnerability that can be brute‑forced, potentially allowing an attacker to break user passwords. The CVE is corrobor...