Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo 6.0.0 vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2018-7271
An issue exists in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
Metinfo Metinfo 6.0.0
383
VMScore
CVE-2018-9985
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
Metinfo Metinfo 6.0.0
668
VMScore
CVE-2018-12531
An issue exists in MetInfo 6.0.0. install\index.php allows remote malicious users to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Metinfo Metinfo 6.0.0
516
VMScore
CVE-2018-12530
An issue exists in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote malicious users to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Metinfo Metinfo 6.0.0
383
VMScore
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
Metinfo Metinfo 6.0.0
383
VMScore
CVE-2018-9928
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote malicious users to inject arbitrary web script or HTML via the webname or weburl parameter.
Metinfo Metinfo 6.0.0
578
VMScore
CVE-2018-13024
Metinfo v6.0.0 allows remote malicious users to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
Metinfo Metinfo 6.0.0
312
VMScore
CVE-2018-14419
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
Metinfo Metinfo 6.0.0
605
VMScore
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
Metinfo Metinfo 6.0.0
383
VMScore
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote malicious users to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
Metinfo Metinfo 6.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started