MetInfo CMS 8.1 WeChat Module Vulnerability Detection Scanner
This Metasploit auxiliary module is a non-exploit vulnerability detection scanner designed to assess potential security weaknesses in the MetInfo CMS WeChat module, specifically related to weixinreply.class.php handling logic...
PT-2026-29514
Name of the Vulnerable Software and Affected Versions: MetInfo CMS versions 7.9 through 8.1. Description: An unauthenticated PHP code injection flaw allows remote attackers to execute arbitrary code and gain full control over the affected server by sending crafted requests containing malicious PHP...
MetInfo CMS 8.1 Code Injection
MetInfo CMS versions 8.1 and below suffer from a PHP code injection vulnerability in weixinreply.class.php. MetInfo CMS <= 8.1 weixinreply.class.php PHP Code Injection Vulnerability...
PT-2025-45352
Name of the Vulnerable Software and Affected Versions: MetInfo Content Management System (CMS) versions through 8.1. Description: A Server-Side Request Forgery (SSRF) issue, achievable through an XML External Entity (XXE) injection, exists. The flaw is due to a defect in the XML parsing logic, allowing an...
MetInfo CMS Security Vulnerability
MetInfo CMS is a content management system from China Mito MetInfo. A security vulnerability exists in MetInfo CMS 8.1 and prior versions, which stems from a flaw in the XML parsing logic and could lead to a server-side request forgery attack...
CVE-2025-60453
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
EUVD-2025-32301
Malicious code in bioql PyPI...
EUVD-2025-32294
Malicious code in bioql PyPI...
CVE-2025-60451
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
CVE-2025-60452
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
PT-2025-40523
Name of the Vulnerable Software and Affected Versions: MetInfo CMS version 8.0. Description: A stored Cross-Site Scripting (XSS) issue exists in the image management module of the software. The vulnerability is located in the appsystemimgadminimg admin.class.php component. Attackers can upload malicio...
PT-2025-40522
Name of the Vulnerable Software and Affected Versions: MetInfo CMS version 8.0. Description: A stored Cross-Site Scripting (XSS) issue exists in MetInfo CMS. The vulnerability is located in the column management module, specifically within the app\system\column\admin\index.class.php component. Attackers c...
CVE-2025-60452
MetInfo CMS v8.0 contains a stored XSS in the download management module (app\system\download\admin\download_admin.class.php) caused by accepting unvalidated SVG uploads (containing JavaScript) that execute when viewed. Red Hat and other sources corroborate the same description. Impact is a store...
Arbitrary File Deletion Vulnerability in MetInfo Backend
MetInfo is a content management system (CMS) developed using PHP and MySQL by Changsha Mito Information Technology Co. There is an arbitrary file deletion vulnerability in the MetInfo backend, which can be exploited by an attacker to delete arbitrary files...