10 matches found
CVE-2018-19050
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter...
EUVD-2019-17250
Malware in sbrugna...
EUVD-2018-19006
Malware in sbrugna...
EUVD-2017-3327
Malware in sbrugna...
EUVD-2017-18694
Malware in sbrugna...
EUVD-2017-3328
Malware in sbrugna...
CVE-2020-19304
An issue in /admin/index.php?n=system=filept=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information...
Design/Logic Flaw
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...
Arbitrary file read vulnerability warning for the latest version of MetInfo - the black bar safety net
By submitting carefully constructed parameters, an attacker can read the contents of any file on the server. In MetInfo 5.2, the current latest version, the include/thumb.php file was originally used to get thumbnails, but the thumbnail path it constructs is externally controlled...