Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
Metinfo Metinfo 5.3.18
7.5
CVSSv3
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows malicious users to access sensitive database information.
Metinfo Metinfo 7.0.0
8.8
CVSSv3
CVE-2022-44849
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows malicious users to arbitrarily add Super Administrator account.
Metinfo Metinfo 7.7
7.2
CVSSv3
CVE-2019-16996
In Metinfo 7.0.0beta, a SQL Injection exists in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
Metinfo Metinfo 7.0.0
6.1
CVSSv3
CVE-2018-9985
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
Metinfo Metinfo 6.0.0
6.1
CVSSv3
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote malicious users to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
Metinfo Metinfo 5.3.17
9.8
CVSSv3
CVE-2017-11715
job/uploadfile_save.php in MetInfo up to and including 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job...
Metinfo Project Metinfo
6.1
CVSSv3
CVE-2017-11716
MetInfo up to and including 5.3.17 allows stored XSS via HTML Edit Mode.
Metinfo Project Metinfo
7.5
CVSSv3
CVE-2017-11717
MetInfo up to and including 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote malicious users to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.
Metinfo Project Metinfo
6.1
CVSSv3
CVE-2017-11718
There is URL Redirector Abuse in MetInfo up to and including 5.3.17 via the gourl parameter to member/login.php.
Metinfo Project Metinfo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »