Metinfo

metinfo

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-11718 1Metinfo Project 1Metinfo May 13, 2026 Jul 28, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
CVE-2017-11717 1Metinfo Project 1Metinfo May 13, 2026 Jul 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated b...Show more MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.Show less
CVE-2017-11716 1Metinfo Project 1Metinfo May 13, 2026 Jul 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
CVE-2017-11715 1Metinfo Project 1Metinfo May 13, 2026 Jul 28, 2017 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain...Show more job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.Show less