Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-20486
MetInfo 6.x up to and including 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
Metinfo Metinfo
6.8
CVSSv2
CVE-2019-7718
An issue exists in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents UR...
Metinfo Metinfo
6.5
CVSSv2
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
Metinfo Metinfo
4
CVSSv2
CVE-2018-17129
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
Metinfo Metinfo 6.1.0
7.5
CVSSv2
CVE-2018-12531
An issue exists in MetInfo 6.0.0. install\index.php allows remote malicious users to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Metinfo Metinfo 6.0.0
3.5
CVSSv2
CVE-2018-18374
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
Metinfo Metinfo 6.1.2
4.3
CVSSv2
CVE-2018-18296
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
Metinfo Metinfo 6.1.2
4.3
CVSSv2
CVE-2010-4976
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote malicious users to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
Metinfo Metinfo 3.0
1 EDB exploit
4.3
CVSSv2
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
Metinfo Metinfo 6.0.0
NA
CVE-2022-44849
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows malicious users to arbitrarily add Super Administrator account.
Metinfo Metinfo 7.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »