Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Metinfo Project Security Vulnerabilities

cve
cve

CVE-2017-11715

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.

9.8CVSS

9.3AI Score

0.013EPSS

2017-07-28 05:29 AM
30
cve
cve

CVE-2017-11716

MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.

6.1CVSS

5.8AI Score

0.001EPSS

2017-07-28 05:29 AM
24
cve
cve

CVE-2017-11717

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.

7.5CVSS

7.5AI Score

0.002EPSS

2017-07-28 05:29 AM
31
cve
cve

CVE-2017-11718

There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.

6.1CVSS

6.2AI Score

0.001EPSS

2017-07-28 05:29 AM
26