Vulnerabilities (CVE)

Filtered by vendor Metinfo
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44849 1 Metinfo 1 Metinfo 2022-12-12 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add a Super Administrator account.
CVE-2020-20907 2 Metinfo, Microsoft 2 Metinfo, Windows 2022-10-05 6.4 MEDIUM 9.1 CRITICAL
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
CVE-2020-19305 1 Metinfo 1 Metinfo 2022-10-05 7.5 HIGH 9.8 CRITICAL
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
CVE-2022-22295 1 Metinfo 1 Metinfo 2022-02-22 7.5 HIGH 9.8 CRITICAL
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
CVE-2022-23335 1 Metinfo 1 Metinfo 2022-02-22 7.5 HIGH 9.8 CRITICAL
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
CVE-2020-20600 1 Metinfo 1 Metinfo 2021-12-23 3.5 LOW 5.4 MEDIUM
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.
CVE-2020-21126 1 Metinfo 1 Metinfo 2021-09-23 6.8 MEDIUM 8.8 HIGH
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVE-2020-21127 1 Metinfo 1 Metinfo 2021-09-23 7.5 HIGH 9.8 CRITICAL
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVE-2020-20981 1 Metinfo 1 Metinfo 2021-08-16 5.0 MEDIUM 7.5 HIGH
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
CVE-2020-19304 1 Metinfo 1 Metinfo 2021-08-11 5.0 MEDIUM 7.5 HIGH
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
CVE-2020-18157 1 Metinfo 1 Metinfo 2021-08-03 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
CVE-2020-18175 1 Metinfo 1 Metinfo 2021-08-03 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
CVE-2020-21133 1 Metinfo 1 Metinfo 2021-07-12 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
CVE-2020-21132 1 Metinfo 1 Metinfo 2021-07-12 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
CVE-2020-21131 1 Metinfo 1 Metinfo 2021-07-12 6.5 MEDIUM 7.2 HIGH
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
CVE-2020-20585 1 Metinfo 1 Metinfo 2021-07-12 5.0 MEDIUM 7.5 HIGH
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
CVE-2020-21517 1 Metinfo 1 Metinfo 2021-06-22 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
CVE-2020-20800 1 Metinfo 1 Metinfo 2020-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
CVE-2018-19836 1 Metinfo 1 Metinfo 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
CVE-2018-12530 1 Metinfo 1 Metinfo 2020-08-24 5.8 MEDIUM 6.5 MEDIUM
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.