11 matches found
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php...
CVE-2017-14513
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the ffilename parameter in a fingerprintdo action to admin/app/physical/physical.php...
Directory traversal
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the ffilename parameter in a fingerprintdo action to admin/app/physical/physical.php...
CVE-2017-14513
MetInfo 5.3.17 contains a directory traversal vulnerability that lets remote attackers read arbitrary INI-format files via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. Exploitation could disclose sensitive data from the server. Affected software/component...
Code injection
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php...
Directory traversal
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php...
CVE-2017-11500
CVE-2017-11500 is a directory-traversal vulnerability in MetInfo 5.3.17. A remote attacker can use ".." in the filenames parameter of /admin/system/database/filedown.php to delete arbitrary .zip files. Documents provide this as the root cause and affected component; no exploitation details or pat...
CVE-2017-9764
MetInfo CMS 5.3.17 contains a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary web script or HTML by sending crafted Client-IP or X-Forwarded-For HTTP headers to /include/stat/stat.php with a para action. Multiple connected sources (CNVD-2017-25435, CVE/NVD entries)...
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...
Remote code execution
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...