VYPR
Critical severity9.8NVD Advisory· Published Jul 28, 2017· Updated Jun 17, 2026

CVE-2017-11715

CVE-2017-11715

Description

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.

Affected products

2
  • Metinfo/Metinfo2 versions
    cpe:2.3:a:metinfo_project:metinfo:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:metinfo_project:metinfo:*:*:*:*:*:*:*:*range: <=5.3.17
    • (no CPE)range: <=5.3.17

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.