Metinfo Project Security Vulnerabilities
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator...
8.8CVSS
8.7AI Score
0.001EPSS
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to...
6.1CVSS
6.2AI Score
0.001EPSS
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass...
7.5CVSS
7.5AI Score
0.002EPSS
6.1CVSS
5.8AI Score
0.001EPSS
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and...
9.8CVSS
9.3AI Score
0.013EPSS