In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
References
Link | Resource |
---|---|
https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2 | Exploit Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2019-09-30 06:15
Updated : 2019-10-04 07:38
NVD link : CVE-2019-16997
Mitre link : CVE-2019-16997
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
metinfo
- metinfo