| CVE-2017-11715 | Cri | 0.64 | 9.8 | 0.01 | | Jul 28, 2017 | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. |
| CVE-2017-11717 | Hig | 0.49 | 7.5 | 0.00 | | Jul 28, 2017 | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. |
| CVE-2017-11718 | Med | 0.40 | 6.1 | 0.00 | | Jul 28, 2017 | There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. |
| CVE-2017-11716 | Med | 0.40 | 6.1 | 0.00 | | Jul 28, 2017 | MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. |
