Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo 5.3.17 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-14513
Directory traversal vulnerability in MetInfo 5.3.17 allows remote malicious users to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
Metinfo Metinfo 5.3.17
578
VMScore
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated malicious user to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
Metinfo Metinfo 5.3.17
383
VMScore
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote malicious users to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
Metinfo Metinfo 5.3.17
445
VMScore
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
Metinfo Metinfo 5.3.17
383
VMScore
CVE-2017-11716
MetInfo up to and including 5.3.17 allows stored XSS via HTML Edit Mode.
Metinfo Project Metinfo
516
VMScore
CVE-2017-11718
There is URL Redirector Abuse in MetInfo up to and including 5.3.17 via the gourl parameter to member/login.php.
Metinfo Project Metinfo
445
VMScore
CVE-2017-11717
MetInfo up to and including 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote malicious users to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.
Metinfo Project Metinfo
578
VMScore
CVE-2017-11715
job/uploadfile_save.php in MetInfo up to and including 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job...
Metinfo Project Metinfo
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started