Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:52 a.m.6 views

CVE-2017-11500

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php...

7.5CVSS7AI score0.01558EPSS
Exploits1References1
NVD
NVD
added 2017/09/17 9:29 p.m.21 views

CVE-2017-14513

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the ffilename parameter in a fingerprintdo action to admin/app/physical/physical.php...

5.3CVSS5.2AI score0.01779EPSS
Exploits1References1
Prion
Prion
added 2017/09/17 9:29 p.m.17 views

Directory traversal

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the ffilename parameter in a fingerprintdo action to admin/app/physical/physical.php...

5CVSS5.2AI score0.01779EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/09/17 9:0 p.m.52 views

CVE-2017-14513

MetInfo 5.3.17 contains a directory traversal vulnerability that lets remote attackers read arbitrary INI-format files via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. Exploitation could disclose sensitive data from the server. Affected software/component...

5.3CVSS5.1AI score0.01779EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/07/28 5:29 a.m.20 views

Code injection

There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php...

5.8CVSS6.2AI score0.00658EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/07/20 10:29 p.m.18 views

Directory traversal

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php...

5CVSS7.5AI score0.01558EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/07/20 10:0 p.m.52 views

CVE-2017-11500

CVE-2017-11500 is a directory-traversal vulnerability in MetInfo 5.3.17. A remote attacker can use ".." in the filenames parameter of /admin/system/database/filedown.php to delete arbitrary .zip files. Documents provide this as the root cause and affected component; no exploitation details or pat...

7.5CVSS7.5AI score0.01558EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/07/19 12:0 p.m.52 views

CVE-2017-9764

MetInfo CMS 5.3.17 contains a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary web script or HTML by sending crafted Client-IP or X-Forwarded-For HTTP headers to /include/stat/stat.php with a para action. Multiple connected sources (CNVD-2017-25435, CVE/NVD entries)...

6.1CVSS6AI score0.00802EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/07/17 1:18 p.m.16 views

CVE-2017-11347

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

8.8CVSS8.6AI score0.01734EPSS
Exploits1References1
Prion
Prion
added 2017/07/17 1:18 p.m.20 views

Remote code execution

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

6.5CVSS8.4AI score0.01734EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/07/16 11:0 p.m.17 views

CVE-2017-11347

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

8.6AI score0.01734EPSS
Exploits1References1
Rows per page
Query Builder