flarum/core has insecure session management. User email tokens never expire and are never invalidated, which allows a remote attacker to reuse email tokens belonging to users to gain access to the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | flarum/core | le | 0.1.0-beta.7.2 |
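
The two controls the description names as missing, expiry and invalidation, are modelled below as an added example; this is not Flarum's code. The class, its in-memory table and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; choose one that suits the deployment


class EmailTokenStore:
    """In-memory model of an email-token table (hypothetical, not Flarum's schema)."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be exercised in tests
        self._rows = {}      # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        # Invalidation: a new token supersedes every outstanding one for the user.
        self.revoke_user(user_id)
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._rows[self._digest(token)] = (user_id, expires_at)
        return token

    def revoke_user(self, user_id):
        # Also call this on password change, email change and account suspension.
        stale = [d for d, (uid, _) in self._rows.items() if uid == user_id]
        for digest in stale:
            del self._rows[digest]

    def redeem(self, token):
        # pop() makes the token single-use: a replay finds no row.
        row = self._rows.pop(self._digest(token), None)
        if row is None:
            return None
        user_id, expires_at = row
        # Expiry: an old token is rejected even if it was never used.
        if self._clock() >= expires_at:
            return None
        return user_id
```

In a database-backed application the `pop()` step corresponds to deleting the row in the same transaction that consumes the token, so two concurrent requests cannot both redeem it.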