VYPR
Medium severity6.5NVD Advisory· Published Jun 18, 2018· Updated Jun 17, 2026

CVE-2018-12530

CVE-2018-12530

Description

An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.

Affected products

2
  • Metinfo/Metinfoinferred2 versions
    = 6.0.0+ 1 more
    • (no CPE)range: = 6.0.0
    • (no CPE)range: =6.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.