62 matches found
MetInfo CMS <= 8.1 - Remote Code Execution
MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code remotely, exploit requires crafted requests. id: CVE-2026-29014 info: name: MetInfo CMS = 8....
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system CMS known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 CVSS score: 9.8, a code injection flaw that could result in arbitrary...
VulnCheck KEV: CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter
This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...
📄 MetInfo CMS 8.1 PHP Code Injection
This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...
MetInfo CMS 8.1 XML Endpoint Behavior Analysis Tool
This script is a PHP-based analysis tool designed to interact with MetInfo CMS 8.1 endpoints through an XML-based interface. It uses cURL to send structured requests to a specific MetInfo module endpoint and evaluates the HTTP responses for basic fingerprinting indicators such as known keywords a...
CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
EUVD-2026-17875
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
CVE-2026-29014
CVE-2026-29014 affects MetInfo CMS versions 7.9, 8.0, and 8.1 with an unauthenticated PHP code injection that enables remote code execution. The vulnerability arises from insufficient input neutralization in the execution path, allowing remote attackers to send crafted requests containing PHP cod...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system developed by MetInfo Corporation. Versions 7.9, 8.0, and 8.1 of MetInfo CMS have security vulnerabilities. These vulnerabilities stem from unvalidated PHP code injection, which could allow remote attackers to execute arbitrary code by sending specially...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
EUVD-2025-38154
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
MetInfo CMS, up to version 8.1, contains an SSRF flaw exploitable via XXE in its XML parsing logic. An attacker can craft a malicious XML entity that makes the server issue an HTTP request to an internal or external address, potentially enabling internal network reconnaissance, port scanning, or ...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...