2 matches found
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system CMS known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 CVSS score: 9.8, a code injection flaw that could result in arbitrary...
📄 MetInfo CMS 8.1 PHP Code Injection
This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...