
25 matches found

RedhatCVE
added 2025/05/22 6:52 a.m., 4 views

CVE-2017-11500

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php...

CVSS 7.5, AI score 7, EPSS 0.00332
Exploits: 1, References: 1

Tenable Nessus
added 2024/02/02 12:00 a.m., 104 views

WordPress 5.3.x < 5.3.17 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

AI score 7.6
Exploits: 0, References: 1

IBM Security Bulletins
added 2022/08/03 8:07 p.m., 95 views

Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary: IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

CVSS 9.8, AI score 9.2, EPSS 0.94428
Exploits: 99, Affected Software: 1

IBM Security Bulletins
added 2022/04/11 3:15 p.m., 58 views

Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary: IBM Maximo For Civil infrastructure is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

CVSS 9.8, AI score 2.6, EPSS 0.94428
Exploits: 99, Affected Software: 1

GithubExploit
added 2022/04/04 8:16 p.m., 356 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4shell RCE vulnerability This vulnerability affects Spr...

CVSS 9.8, AI score 9.1, EPSS 0.94428
Exploits: 99

Qualys Blog
added 2022/03/31 9:00 a.m., 493 views

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

This page last updated: April 7th. A new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell”, was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...

CVSS 7.5, AI score 0.2, EPSS 0.94462
Exploits: 130

CNNVD
added 2022/03/30 12:00 a.m., 7 views

Spring Framework Code Injection Vulnerability

Spring Framework is an open source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A code injection vulnerability exists in Spring Framework that stems from the RCE for data binding on JDK 9+. The following products...

CVSS 9.8, AI score 7.7, EPSS 0.94428
Exploits: 99, References: 41

CNVD
added 2017/09/18 12:00 a.m., 2 views

MetInfo Directory Traversal Vulnerability

MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A directory traversal vulnerability exists in MetInfo version 5.3.17. A remote attacker can exploit this vulnerability to read information in an ini format file...

CVSS 5.3, AI score 6.7, EPSS 0.0014
Exploits: 1, References: 1

NVD
added 2017/09/17 9:29 p.m., 15 views

CVE-2017-14513

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php...

CVSS 5.3, AI score 5.2, EPSS 0.0014
Exploits: 1, References: 1

Prion
added 2017/09/17 9:29 p.m., 15 views

Directory traversal

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php...

CVSS 5, AI score 5.2, EPSS 0.0014
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2017/09/17 9:29 p.m., 2 views

CVE-2017-14513

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php...

CVSS 5.3, AI score 5.8, EPSS 0.0014
Exploits: 1, References: 1

CVE
added 2017/09/17 9:00 p.m., 47 views

CVE-2017-14513

MetInfo 5.3.17 contains a directory traversal vulnerability that lets remote attackers read arbitrary INI-format files via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. Exploitation could disclose sensitive data from the server. Affected software/component...

CVSS 5.3, AI score 5.1, EPSS 0.0014
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2017/07/28 5:29 a.m., 15 views

Code injection

There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php...

CVSS 5.8, AI score 6.2, EPSS 0.00199
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/07/28 5:00 a.m., 14 views

CVE-2017-11716

MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode...

AI score 6, EPSS 0.0024
Exploits: 1, References: 1

CVE
added 2017/07/28 5:00 a.m., 45 views

CVE-2017-11716

MetInfo vulnerable to stored XSS through HTML Edit Mode in versions up to 5.3.17 (CVE-2017-11716). Affected software: MetInfo CMS. Root cause: HTML Edit Mode allows injection of arbitrary scripts; impact includes partial integrity concerns and possible user impersonation in the web UI. No explici...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2017/07/26 12:00 a.m., 1 view

MetInfo has a logic flaw

MetInfo is a Content Management System (CMS) developed using PHP and MySQL. A logic vulnerability exists in MetInfo 5.3.17 and earlier versions. A remote attacker can exploit this vulnerability by changing the data flow between client servers to bypass captcha...

CVSS 7.5, AI score 7.6, EPSS 0.00395
Exploits: 0

CNVD
added 2017/07/26 12:00 a.m., 1 view

File Upload Vulnerability in MetInfo System

MetInfo is a Content Management System (CMS) developed using PHP and MySQL. A file vulnerability exists in the job/uploadfilesave.php file in MetInfo 5.3.17 and earlier versions, which stems from the program only blocking .php extensions and failing to block its related extensions. A remote attacke...

CVSS 9.8, AI score 9.8, EPSS 0.00851
Exploits: 1

Prion
added 2017/07/20 10:29 p.m., 14 views

Directory traversal

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php...

CVSS 5, AI score 7.5, EPSS 0.00332
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2017/07/20 10:00 p.m., 46 views

CVE-2017-11500

CVE-2017-11500 is a directory-traversal vulnerability in MetInfo 5.3.17. A remote attacker can use ".." in the filenames parameter of /admin/system/database/filedown.php to delete arbitrary .zip files. Documents provide this as the root cause and affected component; no exploitation details or pat...

CVSS 7.5, AI score 7.5, EPSS 0.00332
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2017/07/19 12:00 p.m., 48 views

CVE-2017-9764

MetInfo CMS 5.3.17 contains a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary web script or HTML by sending crafted Client-IP or X-Forwarded-For HTTP headers to /include/stat/stat.php with a para action. Multiple connected sources (CNVD-2017-25435, CVE/NVD entries)...

CVSS 6.1, AI score 6, EPSS 0.00223
Exploits: 1, References: 1, Affected Software: 1