19 matches found
metinfo6.0.0后台update注入(三)
...
metinfo6.0.0后台sql注入
...
CVE-2018-14419
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
CVE-2018-14419
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...
Code injection
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...
Cross site request forgery (csrf)
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
CVE-2018-14419
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page...
CVE-2018-14419
CVE-2018-14419 affects MetInfo 6.0.0, a PHP/MySQL CMS, where an XSS vulnerability is triggered by modifying the navigation bar name on the home page. The CVSS scores indicate a Network attack vector with low (v2) to medium (v3) impact and user interaction not required on v2 but UI interaction on ...
MetInfo Cross-Site Request Forgery Vulnerability (CNVD-2018-11843)
MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A cross-site request forgery vulnerability exists in the admin/app/batch/csvup.php file in MetInfo version 6.0.0. A remote attacker can exploit this vulnerability with the help of a...
Directory traversal
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...
MetInfo 6.0.0代码执行漏洞(后台直接拿shell)
...
CVE-2018-7721
Cross Site Scripting XSS exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...
Cross site scripting
Cross Site Scripting XSS exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...
CVE-2018-7721
Cross Site Scripting XSS exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...
Design/Logic Flaw
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...
Command Execution Vulnerability in MetInfo Version 6.0.0 Configuration File
MetInfo is a Content Management System CMS developed using PHP and Mysql. A command execution vulnerability exists in the MetInfo version 6.0.0 configuration file. The vulnerability is caused due to improper filtering of the database configuration file during program reinstallation, which allows...