Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo 5.3.17 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-11715
job/uploadfile_save.php in MetInfo up to and including 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job...
Metinfo Project Metinfo
8.8
CVSSv3
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated malicious user to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
Metinfo Metinfo 5.3.17
7.5
CVSSv3
CVE-2017-11717
MetInfo up to and including 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote malicious users to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.
Metinfo Project Metinfo
7.5
CVSSv3
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
Metinfo Metinfo 5.3.17
6.1
CVSSv3
CVE-2017-11716
MetInfo up to and including 5.3.17 allows stored XSS via HTML Edit Mode.
Metinfo Project Metinfo
6.1
CVSSv3
CVE-2017-11718
There is URL Redirector Abuse in MetInfo up to and including 5.3.17 via the gourl parameter to member/login.php.
Metinfo Project Metinfo
6.1
CVSSv3
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote malicious users to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
Metinfo Metinfo 5.3.17
5.3
CVSSv3
CVE-2017-14513
Directory traversal vulnerability in MetInfo 5.3.17 allows remote malicious users to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
Metinfo Metinfo 5.3.17
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started