64 matches found
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system CMS from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the download management module, which could lead to a stored cross-site scripting attack...
PT-2025-40521
Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS issue exists in the download management module of the software. The vulnerability is located in the appsystemdownloadadmindownload admin.class.php component. Attackers can...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the Image Management module and could lead to a stored cross-site scripting attack...
CVE-2025-60454
MetInfo CMS 8.0 is affected in the image management module. The XSS vulnerability arises from unvalidated SVG uploads in the file path app\system\img\admin\img_admin.class.php, enabling stored JavaScript execution when users view/access the uploaded SVG. Multiple connected sources corroborate thi...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...
PT-2025-40519
Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS flaw exists due to inadequate validation and sanitization of SVG file uploads within the appsystemincludemoduleeditorUploader.class.php component. This allows attackers to...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60450
MetInfo CMS 8.0 is affected by a stored XSS in file upload handling. The vulnerability arises from insufficient validation and sanitization of SVG uploads in app\system\include\module\editor\Uploader.class.php, allowing an attacker to upload SVG files containing JavaScript that executes when view...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
The vulnerability of the index.php implementation in the Metinfo CMS system allows a perpetrator to execute arbitrary SQL code.
The vulnerability of the index.php script implementation in the Metinfo CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
The vulnerability of the member/getpassword.php?lang=cn&a=dovalid implementation in the CMS system Metinfo allows a perpetrator to execute arbitrary SQL code.
The vulnerability of the member/getpassword.php?lang=cn&a=dovalid script in the CMS system Metinfo is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
MetInfo SQL Injection Vulnerability (CNVD-2021-51805)
Metinfo MetInfo is a content management system CMS developed by China Mito Metinfo using PHP and Mysql. A SQL injection vulnerability exists in getpassword.php in Metinfo 7.0.0beta, which arises from a database-based application that lacks validation of externally entered SQL statements. An...
Logic flaw vulnerability in metinfo (CNVD-2021-42407)
Mito enterprise building system MetInfo is a free and open source enterprise CMS. There is a logic flaw vulnerability in metinfo, which can be exploited by an attacker to delete arbitrary files without authorization...
SQL Injection Vulnerability in MetInfo 7.3.0
MetInfo is a free and open source enterprise CMS. MetInfo 7.3.0 suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
File Upload Vulnerability in MetInfo Enterprise Website Builder System
MetInfo Enterprise Building System is a free and open source enterprise CMS. A file upload vulnerability exists in MetInfo Enterprise CMS, which can be exploited by an attacker to gain control of the server...
Metinfo SQL Injection Vulnerability (CNVD-2019-24207)
MetInfo is a content management system CMS developed by China Mito MetInfo using PHP and Mysql. A SQL injection vulnerability exists in MetInfo version 6.x. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can explo...
SQL injection vulnerability in MetInfo CMS version 6.1.3 ba***.php page
MetInfo CMS 6.1.3 is an enterprise website management system with PHP Mysql architecture. A SQL injection vulnerability exists in the ba.php page of MetInfo CMS version 6.1.3, which can be exploited by attackers to obtain sensitive information from the database...
File Upload Vulnerability in MetInfo System
MetInfo is a Content Management System CMS developed using PHP and Mysql. A file vulnerability exists in the job/uploadfilesave.php file in MetInfo 5.3.17 and earlier versions, which stems from the program only blocking .php extensions and failing to block its related extensions. A remote attacke...