Arbitrary Password Change Vulnerability in MetInfo 6.0
CVE-2018-9934 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
Learn more about our Web App Pen Testing.