Lucene search
+L

64 matches found

vulnrichment
vulnrichment
added 2025/10/03 12:0 a.m.3 views

CVE-2025-60453

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...

5.7AI score0.00244EPSS
Exploits1References1
cvelist
cvelist
added 2025/10/03 12:0 a.m.12 views

CVE-2025-60450

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...

0.00213EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/10/03 12:0 a.m.5 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system CMS from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the download management module, which could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/10/03 12:0 a.m.6 views

PT-2025-40521

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS issue exists in the download management module of the software. The vulnerability is located in the appsystemdownloadadmindownload admin.class.php component. Attackers can...

6.1CVSS6AI score0.00213EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/10/03 12:0 a.m.5 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the Image Management module and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References1
cve
cve
added 2025/10/03 12:0 a.m.12 views

CVE-2025-60454

MetInfo CMS 8.0 is affected in the image management module. The XSS vulnerability arises from unvalidated SVG uploads in the file path app\system\img\admin\img_admin.class.php, enabling stored JavaScript execution when users view/access the uploaded SVG. Multiple connected sources corroborate thi...

6.1CVSS5.7AI score0.00244EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2025/10/03 12:0 a.m.7 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/10/03 12:0 a.m.7 views

PT-2025-40519

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS flaw exists due to inadequate validation and sanitization of SVG file uploads within the appsystemincludemoduleeditorUploader.class.php component. This allows attackers to...

6.1CVSS5.8AI score0.00213EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/10/03 12:0 a.m.3 views

CVE-2025-60454

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...

5.7AI score0.00244EPSS
Exploits1References1
cve
cve
added 2025/10/03 12:0 a.m.13 views

CVE-2025-60450

MetInfo CMS 8.0 is affected by a stored XSS in file upload handling. The vulnerability arises from insufficient validation and sanitization of SVG uploads in app\system\include\module\editor\Uploader.class.php, allowing an attacker to upload SVG files containing JavaScript that executes when view...

6.1CVSS5.7AI score0.00213EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/10/03 12:0 a.m.5 views

CVE-2025-60450

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...

5.7AI score0.00213EPSS
Exploits1References1
bdu_fstec
bdu_fstec
added 2022/10/06 12:0 a.m.7 views

The vulnerability of the index.php implementation in the Metinfo CMS system allows a perpetrator to execute arbitrary SQL code.

The vulnerability of the index.php script implementation in the Metinfo CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10CVSS8.2AI score0.01739EPSS
Exploits1References4
bdu_fstec
bdu_fstec
added 2022/10/06 12:0 a.m.6 views

The vulnerability of the member/getpassword.php?lang=cn&a=dovalid implementation in the CMS system Metinfo allows a perpetrator to execute arbitrary SQL code.

The vulnerability of the member/getpassword.php?lang=cn&a=dovalid script in the CMS system Metinfo is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10CVSS8.2AI score0.01739EPSS
Exploits1References4
cnvd
cnvd
added 2021/07/15 12:0 a.m.6 views

MetInfo SQL Injection Vulnerability (CNVD-2021-51805)

Metinfo MetInfo is a content management system CMS developed by China Mito Metinfo using PHP and Mysql. A SQL injection vulnerability exists in getpassword.php in Metinfo 7.0.0beta, which arises from a database-based application that lacks validation of externally entered SQL statements. An...

9.8CVSS8AI score0.01739EPSS
Exploits1References1
cnvd
cnvd
added 2021/06/05 12:0 a.m.2 views

Logic flaw vulnerability in metinfo (CNVD-2021-42407)

Mito enterprise building system MetInfo is a free and open source enterprise CMS. There is a logic flaw vulnerability in metinfo, which can be exploited by an attacker to delete arbitrary files without authorization...

7.1AI score
Exploits0
cnvd
cnvd
added 2021/05/28 12:0 a.m.3 views

SQL Injection Vulnerability in MetInfo 7.3.0

MetInfo is a free and open source enterprise CMS. MetInfo 7.3.0 suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...

7.5AI score
Exploits0
cnvd
cnvd
added 2020/12/12 12:0 a.m.2 views

File Upload Vulnerability in MetInfo Enterprise Website Builder System

MetInfo Enterprise Building System is a free and open source enterprise CMS. A file upload vulnerability exists in MetInfo Enterprise CMS, which can be exploited by an attacker to gain control of the server...

7.4AI score
Exploits0
cnvd
cnvd
added 2019/07/24 12:0 a.m.3 views

Metinfo SQL Injection Vulnerability (CNVD-2019-24207)

MetInfo is a content management system CMS developed by China Mito MetInfo using PHP and Mysql. A SQL injection vulnerability exists in MetInfo version 6.x. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can explo...

8.8CVSS8.2AI score0.01269EPSS
Exploits1References1
cnvd
cnvd
added 2019/02/21 12:0 a.m.1 views

SQL injection vulnerability in MetInfo CMS version 6.1.3 ba***.php page

MetInfo CMS 6.1.3 is an enterprise website management system with PHP Mysql architecture. A SQL injection vulnerability exists in the ba.php page of MetInfo CMS version 6.1.3, which can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
cnvd
cnvd
added 2017/07/26 12:0 a.m.4 views

File Upload Vulnerability in MetInfo System

MetInfo is a Content Management System CMS developed using PHP and Mysql. A file vulnerability exists in the job/uploadfilesave.php file in MetInfo 5.3.17 and earlier versions, which stems from the program only blocking .php extensions and failing to block its related extensions. A remote attacke...

9.8CVSS9.8AI score0.01492EPSS
Exploits1
Rows per page
Query Builder