CVE-2020-23140

Name of the Vulnerable Software and Affected Versions Microweber version 1.1.18

Description The issue concerns insufficient session expiration. When a user changes their password, both the session for the email change and old sessions on other browsers or devices remain active and do not expire.

Recommendations For Microweber version 1.1.18, as a temporary workaround, consider implementing a manual session expiration mechanism after password changes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.