Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote malicious users to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
Metinfo Metinfo 6.0.0
5.8
CVSSv2
CVE-2018-12530
An issue exists in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote malicious users to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Metinfo Metinfo 6.0.0
6.5
CVSSv2
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated malicious user to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
Metinfo Metinfo 5.3.17
5
CVSSv2
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
Metinfo Metinfo 5.3.17
7.5
CVSSv2
CVE-2020-20800
An issue exists in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
Metinfo Metinfo 7.0.0
5
CVSSv2
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows malicious users to access sensitive database information.
Metinfo Metinfo 7.0.0
4.3
CVSSv2
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote malicious users to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
Metinfo Metinfo 5.3.17
6.8
CVSSv2
CVE-2020-21126
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
Metinfo Metinfo 7.0.0
4.3
CVSSv2
CVE-2020-21517
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
Metinfo Metinfo 7.0.0
6.5
CVSSv2
CVE-2019-16997
In Metinfo 7.0.0beta, a SQL Injection exists in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
Metinfo Metinfo 7.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »