Arbitrary Password Change Vulnerability in MetInfo 6.0

Arbitrary Password Change Vulnerability in MetInfo 6.0

CVE-2018-9934 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.

Learn more about our Web App Pen Testing.