Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
Metinfo Metinfo 6.0.0
9.3
CVSSv2
CVE-2018-7271
An issue exists in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
Metinfo Metinfo 6.0.0
4.3
CVSSv2
CVE-2010-4976
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote malicious users to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
Metinfo Metinfo 3.0
1 EDB exploit
4.3
CVSSv2
CVE-2017-12788
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote malicious users to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
Metinfo Metinfo 5.3.18
6.8
CVSSv2
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.
Metinfo Metinfo 5.3.18
4.3
CVSSv2
CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
Metinfo Metinfo 5.3.18
4.3
CVSSv2
CVE-2018-19835
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
Metinfo Metinfo 6.1.3
6.5
CVSSv2
CVE-2019-17419
An issue exists in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
Metinfo Metinfo 7.0.0
4.3
CVSSv2
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote malicious users to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
Metinfo Metinfo 5.3.17
4.3
CVSSv2
CVE-2018-9928
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote malicious users to inject arbitrary web script or HTML via the webname or weburl parameter.
Metinfo Metinfo 6.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »