12 matches found
CVE-2022-23335
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in languagegeneral.class.php via doModifyParameter...
EUVD-2018-10768
Malware in sbrugna...
EUVD-2020-13580
Malware in sbrugna...
EUVD-2020-13909
Malware in sbrugna...
CVE-2022-22295
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameteradmin.class.php via the tablepara parameter...
CVE-2020-21127
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs=index=dodel...
CVE-2020-20981
A SQL injection in the /admin/?n=logs=index=dolist component of Metinfo 7.0 allows attackers to access sensitive database information...
CVE-2019-17676
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI...
Design/Logic Flaw
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/logincheck.php urlarray parameter...
MetInfo 6.1.0 前台sql注入
...
Remote Code Execution Vulnerability in MetInfo Version 5.3.19
MetInfo is a Content Management System CMS developed using PHP and Mysql. A remote code execution vulnerability exists in MetInfo version 5.3.19, which can be exploited by an authenticated remote attacker to obtain a webshell and gain control of the server...
Command Execution Vulnerability Due to Improper Filtering of Database Configuration File in MetInfo Version 5.3.18
MetInfo is a Content Management System CMS developed using PHP and Mysql. A security vulnerability exists in the backend of MetInfo version 5.3.18. The vulnerability is due to improper filtering of the database configuration file during program reinstallation, resulting in malicious code that can...