CVE-2018-19051

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abttype parameter...

CVE-2019-7718

An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack=index=dogetsql=...

CVE-2019-16996

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/productadmin.class.php via the admin/?n=product=productadmin=doparatype=shop id parameter...

EUVD-2020-13910

Malware in sbrugna...

EUVD-2018-4500

Malware in sbrugna...

EUVD-2019-7815

Malware in sbrugna...

EUVD-2020-13385

Malware in sbrugna...

EUVD-2018-4501

Malware in sbrugna...

EUVD-2020-13903

Malware in sbrugna...

EUVD-2017-3325

Malware in sbrugna...

EUVD-2010-4940

Malware in sbrugna...

EUVD-2017-4328

Malware in sbrugna...

EUVD-2017-3118

Malware in sbrugna...

EUVD-2018-6337

Malware in sbrugna...

EUVD-2018-10030

Malware in sbrugna...

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...

CVE-2020-20800

An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup=yes=yes=yes URI...

CVE-2020-19305

An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges...

CVE-2020-21126

MetInfo 7.0.0 contains a Cross-Site Request Forgery CSRF via admin/?n=admin=index=doSaveInfo...

CVE-2018-13024

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...