693 matches found
CVE-2018-19051
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abttype parameter...
CVE-2018-19050
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter...
CVE-2022-23335
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in languagegeneral.class.php via doModifyParameter...
CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state...
CVE-2019-7718
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack=index=dogetsql=...
CVE-2019-16996
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/productadmin.class.php via the admin/?n=product=productadmin=doparatype=shop id parameter...
CVE-2019-16997
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/languagegeneral.class.php via the admin/?n=language=languagegeneral=doExportPack appno parameter...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
EUVD-2025-38154
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China Mito MetInfo. A security vulnerability exists in MetInfo CMS 8.1 and prior versions, which stems from a flaw in the XML parsing logic and could lead to a server-side request forgery attack...
PT-2025-45352
Name of the Vulnerable Software and Affected Versions MetInfo Content Management System CMS versions through 8.1 Description A Server-Side Request Forgery SSRF issue, achievable through an XML External Entity XXE injection, exists. The flaw is due to a defect in the XML parsing logic, allowing an...
CVE-2025-63551
MetInfo CMS, up to version 8.1, contains an SSRF flaw exploitable via XXE in its XML parsing logic. An attacker can craft a malicious XML entity that makes the server issue an HTTP request to an internal or external address, potentially enabling internal network reconnaissance, port scanning, or ...
EUVD-2017-4328
Malware in sbrugna...
EUVD-2017-3118
Malware in sbrugna...
EUVD-2018-10767
Malware in sbrugna...
EUVD-2017-3325
Malware in sbrugna...