VYPR
High severity7.5NVD Advisory· Published Jul 20, 2017· Updated Jun 17, 2026

CVE-2017-11500

CVE-2017-11500

Description

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.

Affected products

3
  • Metinfo/Metinfoinferred3 versions
    =5.3.17+ 2 more
    • (no CPE)range: =5.3.17
    • cpe:2.3:a:metinfo:metinfo:5.3.17:*:*:*:*:*:*:*
    • (no CPE)range: =5.3.17

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.