CVE-2019-10641

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Source: NIST
CVE-2019-10641