3 matches found
CVE-2018-19836
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
CVE-2018-19836
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
CVE-2018-19836
MetInfo 6.1.3 is affected by CVE-2018-19836. The vulnerability stems from include/interface/applogin.php allowing arbitrary HTTP header manipulation (including Cookie) and common.inc.php registering variables from $_COOKIE. This combination can enable an attacker to influence request headers and ...