Metinfo

metinfo

Vendor: Metinfo • 60 CVEs

CVEs (60)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19050 1Metinfo 1Metinfo Nov 21, 2024 Nov 7, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
CVE-2018-18374 1Metinfo 1Metinfo Nov 21, 2024 Oct 16, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
CVE-2018-18296 1Metinfo 1Metinfo Nov 21, 2024 Oct 15, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
CVE-2018-17129 1Metinfo 1Metinfo Nov 21, 2024 Sep 17, 2018 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
CVE-2018-14420 1Metinfo 1Metinfo Nov 21, 2024 Jul 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
CVE-2018-14419 1Metinfo 1Metinfo Nov 21, 2024 Jul 20, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
CVE-2018-13024 1Metinfo 1Metinfo Nov 21, 2024 Jun 29, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
CVE-2018-12531 1Metinfo 1Metinfo Nov 21, 2024 Jun 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
CVE-2018-12530 1Metinfo 1Metinfo Nov 21, 2024 Jun 18, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
CVE-2018-9985 1Metinfo 1Metinfo Nov 21, 2024 Apr 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
CVE-2018-9934 1Metinfo 1Metinfo Nov 21, 2024 Apr 10, 2018 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
CVE-2018-9928 1Metinfo 1Metinfo Nov 21, 2024 Apr 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVE-2018-7721 1Metinfo 1Metinfo Nov 21, 2024 Mar 7, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVE-2018-7271 1Metinfo 1Metinfo Nov 21, 2024 Feb 21, 2018 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation proce...Show more An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.Show less
CVE-2017-14513 1Metinfo 1Metinfo May 13, 2026 Sep 17, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVE-2017-11500 1Metinfo 1Metinfo May 13, 2026 Jul 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVE-2017-9764 1Metinfo 1Metinfo May 13, 2026 Jul 19, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVE-2017-11347 1Metinfo 1Metinfo May 13, 2026 Jul 17, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/ph...Show more Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.Show less
CVE-2017-6878 1Metinfo 1Metinfo May 13, 2026 Mar 27, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.
CVE-2010-4976 1Metinfo 1Metinfo Apr 29, 2026 Nov 1, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these detail...Show more Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.Show less

Previous 1 23