Lucene search
K

19 matches found

seebug.org
seebug.org
added 2018/07/30 12:0 a.m.515 views

metinfo6.0.0后台update注入(三)

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.515 views

metinfo6.0.0后台sql注入

...

0.8AI score
Exploits0
OSV
OSV
added 2018/07/20 1:29 a.m.0 views

CVE-2018-14419

MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...

4.8CVSS5.8AI score0.00518EPSS
Exploits0References1
NVD
NVD
added 2018/07/20 1:29 a.m.16 views

CVE-2018-14420

MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...

8.8CVSS8.6AI score0.00523EPSS
Exploits1References1
NVD
NVD
added 2018/07/20 1:29 a.m.18 views

CVE-2018-14419

MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...

4.8CVSS4.9AI score0.00518EPSS
Exploits0References1
Prion
Prion
added 2018/07/20 1:29 a.m.14 views

Code injection

MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...

3.5CVSS4.8AI score0.00518EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/07/20 1:29 a.m.17 views

Cross site request forgery (csrf)

MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...

6.8CVSS8.5AI score0.00523EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/07/19 6:0 p.m.15 views

CVE-2018-14420

MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...

8.6AI score0.00523EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/07/19 6:0 p.m.18 views

CVE-2018-14419

MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...

4.9AI score0.00518EPSS
Exploits0References1
CVE
CVE
added 2018/07/19 6:0 p.m.49 views

CVE-2018-14419

CVE-2018-14419 affects MetInfo 6.0.0, a PHP/MySQL CMS, where an XSS vulnerability is triggered by modifying the navigation bar name on the home page. The CVSS scores indicate a Network attack vector with low (v2) to medium (v3) impact and user interaction not required on v2 but UI interaction on ...

4.8CVSS4.8AI score0.00518EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/06/19 12:0 a.m.4 views

MetInfo Cross-Site Request Forgery Vulnerability (CNVD-2018-11843)

MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A cross-site request forgery vulnerability exists in the admin/app/batch/csvup.php file in MetInfo version 6.0.0. A remote attacker can exploit this vulnerability with the help of a...

6.5CVSS6.7AI score0.01611EPSS
Exploits1References1
Prion
Prion
added 2018/06/18 2:29 p.m.13 views

Directory traversal

An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...

5.8CVSS6.5AI score0.01611EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/06/18 2:0 p.m.16 views

CVE-2018-12530

An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...

6.5AI score0.01611EPSS
Exploits1References1
seebug.org
seebug.org
added 2018/04/04 12:0 a.m.430 views

MetInfo 6.0.0代码执行漏洞(后台直接拿shell)

...

1.2AI score
Exploits0
NVD
NVD
added 2018/03/07 8:29 a.m.13 views

CVE-2018-7721

Cross Site Scripting XSS exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/03/07 8:29 a.m.13 views

Cross site scripting

Cross Site Scripting XSS exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...

4.3CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/03/07 8:0 a.m.17 views

CVE-2018-7721

Cross Site Scripting XSS exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...

6.1AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/02/21 12:29 a.m.13 views

Design/Logic Flaw

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

9.3CVSS9.1AI score0.01648EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/02/20 12:0 a.m.1 views

Command Execution Vulnerability in MetInfo Version 6.0.0 Configuration File

MetInfo is a Content Management System CMS developed using PHP and Mysql. A command execution vulnerability exists in the MetInfo version 6.0.0 configuration file. The vulnerability is caused due to improper filtering of the database configuration file during program reinstallation, which allows...

7.4AI score
Exploits0
Rows per page
Query Builder