EUVD-2026-17875

🗓️ 01 Apr 2026 15:31:15Reported by EUVDType

MetInfo CMS versions 7.9, 8.0, 8.1 permit unauthenticated PHP code execution and full server control.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2026-29014	1 Apr 202615:26	–	circl
CNNVD	MetInfo CMS 安全漏洞	1 Apr 202600:00	–	cnnvd
CVE	CVE-2026-29014	1 Apr 202612:22	–	cve
Cvelist	CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE	1 Apr 202612:22	–	cvelist
Nuclei	MetInfo CMS <= 8.1 - Remote Code Execution	10 Jun 202605:11	–	nuclei
NVD	CVE-2026-29014	1 Apr 202613:16	–	nvd
Packet Storm	📄 MetInfo CMS 8.1 Code Injection	1 Apr 202600:00	–	packetstorm
Packet Storm	📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter	24 Apr 202600:00	–	packetstorm
Packet Storm	📄 MetInfo CMS 8.1 PHP Code Injection	24 Apr 202600:00	–	packetstorm
Packet Storm News	MetInfo CMS 8.1 WeChat Module Vulnerability Detection Scanner	24 Apr 202600:00	–	packetstormnews

[
  {
    "enisaIdVendor": [
      {
        "id": "366e9973-a8a3-30bd-bba0-1f7d339b6396",
        "vendor": {
          "name": "MetInfo CMS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "53c40ec5-c59d-3c0f-9da7-37c4c07394fc",
        "product": {
          "name": "MetInfo CMS"
        },
        "product_version": "7.9.0 ≤8.1.0"
      }
    ]
  }
]

Source	Link
karmainsecurity	www.karmainsecurity.com/KIS-2026-06
metinfo	www.metinfo.cn/
vulncheck	www.vulncheck.com/advisories/metinfo-cms-unauthenticated-php-code-injection-rce
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-29014

01 Apr 2026 15:31Current

6.7Medium risk

Vulners AI Score6.7

CVSS 49.3

CVSS 3.19.8

EPSS0.32087