2 matches found
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
Arbitrary File Deletion Vulnerability in MetInfo Backend
MetInfo is a content management system CMS developed using PHP and Mysql by Changsha Mito Information Technology Co. There is an arbitrary file deletion vulnerability in the MetInfo backend, which can be exploited by an attacker to delete arbitrary files...