An issue exists in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote malicious users to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
metinfo metinfo 6.0.0 |