64 matches found
File Upload Vulnerability in MetInfo System
MetInfo is a Content Management System CMS developed using PHP and Mysql. A file vulnerability exists in the job/uploadfilesave.php file in MetInfo 5.3.17 and earlier versions, which stems from the program only blocking .php extensions and failing to block its related extensions. A remote attacke...
File upload vulnerability in the latest version of metinfo
metinfo cms is an enterprise website management system with PHP Mysql architecture. A file upload vulnerability exists in metinfo cms due to the system not effectively filtering the depth variable. An attacker can use this vulnerability to bypass the include file and upload a webshell to gain...
Cross-site scripting and cross-site request forgery vulnerabilities in metinfo
metinfo cms is an enterprise website management system with PHP Mysql architecture. There are cross-site scripting and cross-site request forgery vulnerabilities in metinfo. metinfocms "background settings-basic information-third-party code" form does not have token validation and effective...
metinfo cms has csrf vulnerability
metinfo cms is an enterprise website management system with PHP Mysql architecture. metinfo cms has a csrf vulnerability, which can be exploited by attackers to add administrators without restriction...