Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Metinfo Subscribe
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-17129 1 Metinfo 1 Metinfo 2018-11-09 4.0 MEDIUM 4.9 MEDIUM
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
CVE-2018-14419 1 Metinfo 1 Metinfo 2018-09-14 3.5 LOW 4.8 MEDIUM
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
CVE-2018-14420 1 Metinfo 1 Metinfo 2018-09-14 6.8 MEDIUM 8.8 HIGH
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
CVE-2018-13024 1 Metinfo 1 Metinfo 2018-08-24 6.5 MEDIUM 7.2 HIGH
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
CVE-2018-12531 1 Metinfo 1 Metinfo 2018-08-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
CVE-2018-9985 1 Metinfo 1 Metinfo 2018-05-15 4.3 MEDIUM 6.1 MEDIUM
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
CVE-2018-9928 1 Metinfo 1 Metinfo 2018-05-11 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVE-2018-7721 1 Metinfo 1 Metinfo 2018-03-26 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVE-2018-7271 1 Metinfo 1 Metinfo 2018-03-21 9.3 HIGH 8.1 HIGH
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
CVE-2017-14513 1 Metinfo 1 Metinfo 2017-09-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVE-2010-4976 1 Metinfo 1 Metinfo 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
CVE-2017-9764 1 Metinfo 1 Metinfo 2017-08-07 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVE-2017-6878 1 Metinfo 1 Metinfo 2017-03-29 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.