CVE-2017-11717
MetInfo CMS up to version 5.3.17 contains a captcha handling flaw: the same CAPTCHA response can be accepted for 120 seconds, enabling remote attackers to bypass challenges by tampering with the client–server data stream (login/findpass page). Affected product is MetInfo; root cause is reuse of a...