CVE-2018-19836 - Improper Control of Dynamically-Managed Code Resources vulnerability in Metinfo 6.1.3
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |