Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metinfo metinfo vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2019-7718
An issue exists in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents UR...
Metinfo Metinfo
6.1
CVSSv3
CVE-2018-20486
MetInfo 6.x up to and including 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
Metinfo Metinfo
8.8
CVSSv3
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
Metinfo Metinfo
6.1
CVSSv3
CVE-2018-19050
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
Metinfo Metinfo 6.1.3
6.1
CVSSv3
CVE-2018-19051
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
Metinfo Metinfo 6.1.3
6.5
CVSSv3
CVE-2018-12530
An issue exists in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote malicious users to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Metinfo Metinfo 6.0.0
9.8
CVSSv3
CVE-2018-12531
An issue exists in MetInfo 6.0.0. install\index.php allows remote malicious users to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Metinfo Metinfo 6.0.0
8.8
CVSSv3
CVE-2020-18157
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
Metinfo Metinfo 6.1.3
6.1
CVSSv3
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote malicious users to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
Metinfo Metinfo 5.3.17
7.2
CVSSv3
CVE-2018-13024
Metinfo v6.0.0 allows remote malicious users to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
Metinfo Metinfo 6.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »