64 matches found

Nuclei
• added 2 days ago • 72 views

MetInfo CMS <= 8.1 - Remote Code Execution

MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code; exploitation requires crafted requests. id: CVE-2026-29014 info: name: MetInfo CMS = 8....

CVSS 9.8 | AI score 7.9 | EPSS 0.39688
Exploits: 4 | References: 3
The Hacker News
• added 2026/05/05 11:56 a.m. • 11 views

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary...

CVSS 9.8 | AI score 6.8 | EPSS 0.39688
Exploits: 4
VulnCheck KEV
• added 2026/04/25 12:00 a.m. • 12 views

VulnCheck KEV: CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | AI score 6.8 | EPSS 0.39688
In wild | Exploits: 4 | References: 36
Packet Storm
• added 2026/04/24 12:00 a.m. • 115 views

MetInfo CMS 8.1 PHP Code Injection

This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...

CVSS 9.8 | AI score 6.5 | EPSS 0.39688
Exploits: 4
Packet Storm
• added 2026/04/24 12:00 a.m. • 86 views

MetInfo CMS 8.1 Shell Upload Mass Exploiter

This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...

CVSS 9.8 | AI score 5.3 | EPSS 0.39688
Exploits: 4
Packet Storm News
• added 2026/04/20 12:00 a.m. • 5 views

MetInfo CMS 8.1 XML Endpoint Behavior Analysis Tool

This script is a PHP-based analysis tool designed to interact with MetInfo CMS 8.1 endpoints through an XML-based interface. It uses cURL to send structured requests to a specific MetInfo module endpoint and evaluates the HTTP responses for basic fingerprinting indicators such as known keywords a...

AI score 5.7
Exploits: 0
RedhatCVE
• added 2026/04/02 4:56 p.m. • 3 views

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | AI score 6.7 | EPSS 0.39688
Exploits: 4 | References: 1
EUVD
• added 2026/04/01 3:31 p.m. • 32 views

EUVD-2026-17875

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | AI score 6.7 | EPSS 0.39688
Exploits: 4 | References: 4
NVD
• added 2026/04/01 1:16 p.m. • 46 views

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | EPSS 0.39688
Exploits: 4 | References: 5
CVE
• added 2026/04/01 12:22 p.m. • 31 views

CVE-2026-29014

CVE-2026-29014 affects MetInfo CMS versions 7.9, 8.0, and 8.1 with an unauthenticated PHP code injection that enables remote code execution. The vulnerability arises from insufficient input neutralization in the execution path, allowing remote attackers to send crafted requests containing PHP cod...

CVSS 9.8 | AI score 6.7 | EPSS 0.39688
In wild | Exploits: 4 | References: 5 | Affected Software: 1
Vulnrichment
• added 2026/04/01 12:22 p.m. • 8 views

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | AI score 6.8 | EPSS 0.39688
Exploits: 4 | References: 3
Cvelist
• added 2026/04/01 12:22 p.m. • 61 views

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | EPSS 0.39688
Exploits: 4 | References: 3
CNNVD
• added 2026/04/01 12:00 a.m. • 6 views

MetInfo CMS Security Vulnerability

MetInfo CMS is a content management system developed by MetInfo Corporation. Versions 7.9, 8.0, and 8.1 of MetInfo CMS have security vulnerabilities. These vulnerabilities stem from unvalidated PHP code injection, which could allow remote attackers to execute arbitrary code by sending specially...

CVSS 9.8 | AI score 6.4 | EPSS 0.39688
Exploits: 4 | References: 3
RedhatCVE
• added 2025/11/07 12:19 a.m. • 17 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVSS 7.5 | AI score 7 | EPSS 0.0046
Exploits: 1 | References: 1
EUVD
• added 2025/11/06 9:31 p.m. • 4 views

EUVD-2025-38154

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

AI score 6.5 | EPSS 0.0046
Exploits: 1 | References: 3
NVD
• added 2025/11/06 7:15 p.m. • 4 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVSS 7.5 | EPSS 0.0046
Exploits: 1 | References: 2
Vulnrichment
• added 2025/11/06 12:00 a.m. • 10 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

AI score 6.6 | EPSS 0.0046
Exploits: 1 | References: 2
CVE
• added 2025/11/06 12:00 a.m. • 21 views

CVE-2025-63551

MetInfo CMS, up to version 8.1, contains an SSRF flaw exploitable via XXE in its XML parsing logic. An attacker can craft a malicious XML entity that makes the server issue an HTTP request to an internal or external address, potentially enabling internal network reconnaissance, port scanning, or ...

CVSS 7.5 | AI score 6.6 | EPSS 0.0046
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
• added 2025/10/04 12:56 a.m. • 5 views

CVE-2025-60450

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...

CVSS 6.1 | AI score 6 | EPSS 0.00213
Exploits: 1 | References: 1
RedhatCVE
• added 2025/10/04 12:56 a.m. • 6 views

CVE-2025-60452

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...

CVSS 6.1 | AI score 6.1 | EPSS 0.00213
Exploits: 1 | References: 1