Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo 6.0.0 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2018-12530
An issue exists in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote malicious users to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Metinfo Metinfo 6.0.0
7.5
CVSSv2
CVE-2018-12531
An issue exists in MetInfo 6.0.0. install\index.php allows remote malicious users to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Metinfo Metinfo 6.0.0
4.3
CVSSv2
CVE-2018-9928
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote malicious users to inject arbitrary web script or HTML via the webname or weburl parameter.
Metinfo Metinfo 6.0.0
3.5
CVSSv2
CVE-2018-14419
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
Metinfo Metinfo 6.0.0
6.8
CVSSv2
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
Metinfo Metinfo 6.0.0
4.3
CVSSv2
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
Metinfo Metinfo 6.0.0
6.5
CVSSv2
CVE-2018-13024
Metinfo v6.0.0 allows remote malicious users to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
Metinfo Metinfo 6.0.0
4.3
CVSSv2
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote malicious users to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
Metinfo Metinfo 6.0.0
4.3
CVSSv2
CVE-2018-9985
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
Metinfo Metinfo 6.0.0
9.3
CVSSv2
CVE-2018-7271
An issue exists in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
Metinfo Metinfo 6.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started