CVE-2018-19836

Name of the Vulnerable Software and Affected Versions Metinfo version 6.1.3

Description The issue in Metinfo allows setting arbitrary HTTP headers, including the Cookie header, through include/interface/applogin.php. Additionally, common.inc.php permits registering variables from the $ COOKIE value. This can be exploited to bypass many XSS filters.

Recommendations For Metinfo version 6.1.3, consider restricting access to the include/interface/applogin.php and common.inc.php files to minimize the risk of exploitation. As a temporary workaround, avoid using the $ COOKIE value in the affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.