VYPR

Metinfo

by Metinfo

Source repositories

CVEs (62)

  • CVE-2018-14419MedJul 20, 2018
    risk 0.31cvss 4.8epss 0.01

    MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.

  • CVE-2019-17418Oct 9, 2019
    risk 0.07cvss epss 0.49

    An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.

  • CVE-2019-16997Sep 30, 2019
    risk 0.07cvss epss 0.49

    In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.

  • CVE-2019-16996Sep 30, 2019
    risk 0.07cvss epss 0.12

    In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.

  • CVE-2010-4976Nov 1, 2011
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.

  • CVE-2025-60453Oct 3, 2025
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload…

  • CVE-2025-60451Oct 3, 2025
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the…

  • CVE-2025-60452Oct 3, 2025
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to…

  • CVE-2025-60450Oct 3, 2025
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw…

  • CVE-2022-44849Dec 7, 2022
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.

  • CVE-2022-23335Feb 14, 2022
    risk 0.00cvss epss 0.02

    Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.

  • CVE-2022-22295Feb 14, 2022
    risk 0.00cvss epss 0.02

    Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.

  • CVE-2020-20600Dec 22, 2021
    risk 0.00cvss epss 0.01

    MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.

  • CVE-2020-21127Sep 15, 2021
    risk 0.00cvss epss 0.02

    MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.

  • CVE-2020-21126Sep 15, 2021
    risk 0.00cvss epss 0.01

    MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.

  • CVE-2020-20981Aug 12, 2021
    risk 0.00cvss epss 0.01

    A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.

  • CVE-2020-19305Aug 3, 2021
    risk 0.00cvss epss 0.02

    An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.

  • CVE-2020-19304Aug 3, 2021
    risk 0.00cvss epss 0.02

    An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.

  • CVE-2020-18175Jul 29, 2021
    risk 0.00cvss epss 0.02

    SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.

  • CVE-2020-18157Jul 29, 2021
    risk 0.00cvss epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.