Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-22295
Metinfo v7.5.0 exists to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
Metinfo Metinfo 7.5.0
NA
CVE-2022-44849
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows malicious users to arbitrarily add Super Administrator account.
Metinfo Metinfo 7.7
578
VMScore
CVE-2019-17419
An issue exists in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
Metinfo Metinfo 7.0.0
516
VMScore
CVE-2018-12530
An issue exists in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote malicious users to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Metinfo Metinfo 6.0.0
668
VMScore
CVE-2018-12531
An issue exists in MetInfo 6.0.0. install\index.php allows remote malicious users to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Metinfo Metinfo 6.0.0
668
VMScore
CVE-2020-20800
An issue exists in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
Metinfo Metinfo 7.0.0
445
VMScore
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows malicious users to access sensitive database information.
Metinfo Metinfo 7.0.0
435
VMScore
CVE-2010-4976
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote malicious users to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
Metinfo Metinfo 3.0
1 EDB exploit
578
VMScore
CVE-2017-11715
job/uploadfile_save.php in MetInfo up to and including 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job...
Metinfo Project Metinfo
828
VMScore
CVE-2018-7271
An issue exists in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
Metinfo Metinfo 6.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »