A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator...
8.8CVSS
8.7AI Score
0.001EPSS
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to...
7.5CVSS
7.5AI Score
0.002EPSS
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and...
8.8CVSS
8.4AI Score
0.002EPSS
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload...
7.2CVSS
7.2AI Score
0.003EPSS
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[]...
6.1CVSS
6AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's...
8.8CVSS
8.4AI Score
0.004EPSS
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via...
8.1CVSS
8.2AI Score
0.003EPSS
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via...
9.8CVSS
9.8AI Score
0.002EPSS
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para...
9.8CVSS
9.7AI Score
0.002EPSS
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of...
5.4CVSS
5.2AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
8.8CVSS
8.8AI Score
0.001EPSS
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database...
7.5CVSS
7.8AI Score
0.002EPSS
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate...
9.8CVSS
9.4AI Score
0.004EPSS
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive...
7.5CVSS
7.4AI Score
0.004EPSS
9.8CVSS
9.8AI Score
0.002EPSS
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in...
8.8CVSS
8.7AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.5AI Score
0.001EPSS
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database...
7.5CVSS
7.8AI Score
0.003EPSS
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in...
6.1CVSS
6AI Score
0.001EPSS
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and...
9.1CVSS
9.1AI Score
0.002EPSS
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes...
9.8CVSS
9.9AI Score
0.002EPSS
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup...
8.8CVSS
8.4AI Score
0.001EPSS
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags...
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id...
7.2CVSS
7.4AI Score
0.001EPSS
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than...
7.2CVSS
7.3AI Score
0.368EPSS
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id...
7.2CVSS
7.3AI Score
0.189EPSS
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno...
7.2CVSS
7.2AI Score
0.189EPSS
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1...
8.8CVSS
9.1AI Score
0.001EPSS
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login...
8.8CVSS
8.5AI Score
0.001EPSS
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login...
6.5CVSS
6.4AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid...
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters...
6.1CVSS
6AI Score
0.001EPSS
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd...
6.1CVSS
5.9AI Score
0.001EPSS
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1...
4.9CVSS
5.8AI Score
0.001EPSS
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave...
8.8CVSS
8.5AI Score
0.001EPSS
4.8CVSS
4.8AI Score
0.001EPSS
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than...
9.8CVSS
8.2AI Score
0.015EPSS
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via...
6.5CVSS
6.5AI Score
0.002EPSS
6.1CVSS
5.9AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl...
6.1CVSS
6AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input...
6.1CVSS
6AI Score
0.001EPSS
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web...
8.1CVSS
9.2AI Score
0.002EPSS
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to...
5.3CVSS
5.1AI Score
0.003EPSS