Vendor CVEs
Metinfo
All CVEs
62 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29014 | Cri | 0.66 | 9.8 | 0.40 | Apr 1, 2026 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution… | ||
| CVE-2018-12531 | Cri | 0.64 | 9.8 | 0.02 | Jun 18, 2018 | An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | ||
| CVE-2017-11715 | Cri | 0.64 | 9.8 | 0.01 | Jul 28, 2017 | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||
| CVE-2018-14420 | Hig | 0.57 | 8.8 | 0.01 | Jul 20, 2018 | MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | ||
| CVE-2018-9934 | Hig | 0.57 | 8.8 | 0.01 | Apr 10, 2018 | The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. | ||
| CVE-2017-11347 | Hig | 0.57 | 8.8 | 0.02 | Jul 17, 2017 | Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | ||
| CVE-2018-7271 | Hig | 0.53 | 8.1 | 0.02 | Feb 21, 2018 | An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. | ||
| CVE-2017-11717 | Hig | 0.49 | 7.5 | 0.01 | Jul 28, 2017 | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | ||
| CVE-2017-11500 | Hig | 0.49 | 7.5 | 0.02 | Jul 20, 2017 | A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | ||
| CVE-2018-13024 | Hig | 0.47 | 7.2 | 0.01 | Jun 29, 2018 | Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | ||
| CVE-2018-12530 | Med | 0.42 | 6.5 | 0.02 | Jun 18, 2018 | An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | ||
| CVE-2018-9985 | Med | 0.40 | 6.1 | 0.01 | Apr 10, 2018 | The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | ||
| CVE-2018-9928 | Med | 0.40 | 6.1 | 0.01 | Apr 10, 2018 | Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | ||
| CVE-2018-7721 | Med | 0.40 | 6.1 | 0.01 | Mar 7, 2018 | Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | ||
| CVE-2017-11718 | Med | 0.40 | 6.1 | 0.01 | Jul 28, 2017 | There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | ||
| CVE-2017-11716 | Med | 0.40 | 6.1 | 0.01 | Jul 28, 2017 | MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | ||
| CVE-2017-9764 | Med | 0.40 | 6.1 | 0.01 | Jul 19, 2017 | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | ||
| CVE-2017-14513 | Med | 0.35 | 5.3 | 0.02 | Sep 17, 2017 | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | ||
| CVE-2017-6878 | Med | 0.35 | 5.4 | 0.01 | Mar 27, 2017 | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | ||
| CVE-2018-17129 | Med | 0.32 | 4.9 | 0.01 | Sep 17, 2018 | MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | ||
| CVE-2018-14419 | Med | 0.31 | 4.8 | 0.01 | Jul 20, 2018 | MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | ||
| CVE-2019-17418 | 0.07 | — | 0.49 | Oct 9, 2019 | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. | |||
| CVE-2019-16997 | 0.07 | — | 0.49 | Sep 30, 2019 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. | |||
| CVE-2019-16996 | 0.07 | — | 0.12 | Sep 30, 2019 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. | |||
| CVE-2010-4976 | 0.03 | — | 0.02 | Nov 1, 2011 | Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information. | |||
| CVE-2025-60453 | 0.00 | — | 0.00 | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload… | |||
| CVE-2025-60451 | 0.00 | — | 0.00 | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the… | |||
| CVE-2025-60452 | 0.00 | — | 0.00 | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to… | |||
| CVE-2025-60450 | 0.00 | — | 0.00 | Oct 3, 2025 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw… | |||
| CVE-2022-44849 | 0.00 | — | 0.00 | Dec 7, 2022 | A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. | |||
| CVE-2022-23335 | 0.00 | — | 0.02 | Feb 14, 2022 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | |||
| CVE-2022-22295 | 0.00 | — | 0.02 | Feb 14, 2022 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | |||
| CVE-2020-20600 | 0.00 | — | 0.01 | Dec 22, 2021 | MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. | |||
| CVE-2020-21127 | 0.00 | — | 0.02 | Sep 15, 2021 | MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. | |||
| CVE-2020-21126 | 0.00 | — | 0.01 | Sep 15, 2021 | MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. | |||
| CVE-2020-20981 | 0.00 | — | 0.01 | Aug 12, 2021 | A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. | |||
| CVE-2020-19305 | 0.00 | — | 0.02 | Aug 3, 2021 | An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||
| CVE-2020-19304 | 0.00 | — | 0.02 | Aug 3, 2021 | An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. | |||
| CVE-2020-18175 | 0.00 | — | 0.02 | Jul 29, 2021 | SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. | |||
| CVE-2020-18157 | 0.00 | — | 0.01 | Jul 29, 2021 | Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | |||
| CVE-2020-21133 | 0.00 | — | 0.02 | Jul 12, 2021 | SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | |||
| CVE-2020-21132 | 0.00 | — | 0.02 | Jul 12, 2021 | SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. | |||
| CVE-2020-21131 | 0.00 | — | 0.01 | Jul 12, 2021 | SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. | |||
| CVE-2020-20585 | 0.00 | — | 0.02 | Jul 8, 2021 | A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. | |||
| CVE-2020-21517 | 0.00 | — | 0.01 | Jun 21, 2021 | Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | |||
| CVE-2020-20907 | 0.00 | — | 0.02 | May 24, 2021 | MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | |||
| CVE-2020-20800 | 0.00 | — | 0.02 | Sep 29, 2020 | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. | |||
| CVE-2019-17676 | 0.00 | — | 0.01 | Oct 17, 2019 | app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. | |||
| CVE-2019-17553 | 0.00 | — | 0.02 | Oct 14, 2019 | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. | |||
| CVE-2019-17419 | 0.00 | — | 0.01 | Oct 9, 2019 | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. |
- risk 0.66cvss 9.8epss 0.40
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
- risk 0.64cvss 9.8epss 0.01
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.
- risk 0.57cvss 8.8epss 0.01
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
- risk 0.57cvss 8.8epss 0.01
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
- risk 0.57cvss 8.8epss 0.02
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
- risk 0.53cvss 8.1epss 0.02
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
- risk 0.49cvss 7.5epss 0.01
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.
- risk 0.49cvss 7.5epss 0.02
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
- risk 0.47cvss 7.2epss 0.01
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
- risk 0.40cvss 6.1epss 0.01
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
- risk 0.40cvss 6.1epss 0.01
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
- risk 0.40cvss 6.1epss 0.01
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
- risk 0.35cvss 5.3epss 0.02
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.
- risk 0.32cvss 4.9epss 0.01
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
- risk 0.31cvss 4.8epss 0.01
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
- CVE-2019-17418Oct 9, 2019risk 0.07cvss —epss 0.49
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
- CVE-2019-16997Sep 30, 2019risk 0.07cvss —epss 0.49
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
- CVE-2019-16996Sep 30, 2019risk 0.07cvss —epss 0.12
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
- CVE-2010-4976Nov 1, 2011risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
- CVE-2025-60453Oct 3, 2025risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload…
- CVE-2025-60451Oct 3, 2025risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the…
- CVE-2025-60452Oct 3, 2025risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to…
- CVE-2025-60450Oct 3, 2025risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw…
- CVE-2022-44849Dec 7, 2022risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.
- CVE-2022-23335Feb 14, 2022risk 0.00cvss —epss 0.02
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
- CVE-2022-22295Feb 14, 2022risk 0.00cvss —epss 0.02
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
- CVE-2020-20600Dec 22, 2021risk 0.00cvss —epss 0.01
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.
- CVE-2020-21127Sep 15, 2021risk 0.00cvss —epss 0.02
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
- CVE-2020-21126Sep 15, 2021risk 0.00cvss —epss 0.01
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
- CVE-2020-20981Aug 12, 2021risk 0.00cvss —epss 0.01
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
- CVE-2020-19305Aug 3, 2021risk 0.00cvss —epss 0.02
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
- CVE-2020-19304Aug 3, 2021risk 0.00cvss —epss 0.02
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
- CVE-2020-18175Jul 29, 2021risk 0.00cvss —epss 0.02
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
- CVE-2020-18157Jul 29, 2021risk 0.00cvss —epss 0.01
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
- CVE-2020-21133Jul 12, 2021risk 0.00cvss —epss 0.02
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
- CVE-2020-21132Jul 12, 2021risk 0.00cvss —epss 0.02
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
- CVE-2020-21131Jul 12, 2021risk 0.00cvss —epss 0.01
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
- CVE-2020-20585Jul 8, 2021risk 0.00cvss —epss 0.02
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
- CVE-2020-21517Jun 21, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
- CVE-2020-20907May 24, 2021risk 0.00cvss —epss 0.02
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
- CVE-2020-20800Sep 29, 2020risk 0.00cvss —epss 0.02
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
- CVE-2019-17676Oct 17, 2019risk 0.00cvss —epss 0.01
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
- CVE-2019-17553Oct 14, 2019risk 0.00cvss —epss 0.02
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
- CVE-2019-17419Oct 9, 2019risk 0.00cvss —epss 0.01
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
Page 1 of 2