High severity8.8NVD Advisory· Published Jul 20, 2018· Updated Jun 17, 2026
CVE-2018-14420
CVE-2018-14420
Description
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/AvaterXXX/Metinfo---XSS/blob/master/CSRFnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.