Metinfo@6.1.3 Security Vulnerabilities and Issues — Metinfo@6.1.3 CVE List

Lucene search

MetinfoMetinfo6.1.3

6 matches found

CVE•added 2021/07/30 2:15 p.m.•43 views

CVE-2020-18175

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.

9.8CVSS9.8AI score0.00508EPSS

CVE•added 2018/12/03 7:29 p.m.•40 views

CVE-2018-19836

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such...

6.1CVSS6AI score0.0024EPSS

Web

CVE•added 2018/12/03 7:29 p.m.•36 views

CVE-2018-19835

Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.

6.1CVSS5.9AI score0.0024EPSS

Web

CVE•added 2021/07/30 2:15 p.m.•36 views

CVE-2020-18157

Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.

8.8CVSS8.7AI score0.00112EPSS

Web

CVE•added 2018/11/07 4:29 a.m.•31 views

CVE-2018-19051

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.

6.1CVSS6AI score0.0024EPSS

Web

CVE•added 2018/11/07 4:29 a.m.•28 views

CVE-2018-19050

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.

6.1CVSS6AI score0.0024EPSS

Web