Metinfo
by Metinfo
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14419 |  | Med | 0.31 | 4.8 | 0.01 |  | Jul 20, 2018 | MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. |
| CVE-2019-17418 |  |  | 0.07 | — | 0.49 |  | Oct 9, 2019 | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. |
| CVE-2019-16997 |  |  | 0.07 | — | 0.49 |  | Sep 30, 2019 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. |
| CVE-2019-16996 |  |  | 0.07 | — | 0.12 |  | Sep 30, 2019 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. |
| CVE-2010-4976 |  |  | 0.03 | — | 0.02 |  | Nov 1, 2011 | Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information. |
| CVE-2025-60453 |  |  | 0.00 | — | 0.00 |  | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload… |
| CVE-2025-60451 |  |  | 0.00 | — | 0.00 |  | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the… |
| CVE-2025-60452 |  |  | 0.00 | — | 0.00 |  | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to… |
| CVE-2025-60450 |  |  | 0.00 | — | 0.00 |  | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw… |
| CVE-2022-44849 |  |  | 0.00 | — | 0.00 |  | Dec 7, 2022 | A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. |
| CVE-2022-23335 |  |  | 0.00 | — | 0.02 |  | Feb 14, 2022 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. |
| CVE-2022-22295 |  |  | 0.00 | — | 0.02 |  | Feb 14, 2022 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. |
| CVE-2020-20600 |  |  | 0.00 | — | 0.01 |  | Dec 22, 2021 | MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. |
| CVE-2020-21127 |  |  | 0.00 | — | 0.02 |  | Sep 15, 2021 | MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. |
| CVE-2020-21126 |  |  | 0.00 | — | 0.01 |  | Sep 15, 2021 | MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. |
| CVE-2020-20981 |  |  | 0.00 | — | 0.01 |  | Aug 12, 2021 | A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. |
| CVE-2020-19305 |  |  | 0.00 | — | 0.02 |  | Aug 3, 2021 | An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. |
| CVE-2020-19304 |  |  | 0.00 | — | 0.02 |  | Aug 3, 2021 | An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. |
| CVE-2020-18175 |  |  | 0.00 | — | 0.02 |  | Jul 29, 2021 | SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. |
| CVE-2020-18157 |  |  | 0.00 | — | 0.01 |  | Jul 29, 2021 | Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. |