Filtered by vendor Metinfo
Subscriptions
Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | ||||
CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | ||||
CVE-2018-12531 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | ||||
CVE-2018-12530 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | ||||
CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | ||||
CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | ||||
CVE-2018-7721 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | ||||
CVE-2018-7271 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. | ||||
CVE-2019-17676 | 1 Metinfo | 1 Metinfo | 2024-08-05 | 8.8 High |
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. | ||||
CVE-2019-17553 | 1 Metinfo | 1 Metinfo | 2024-08-05 | 9.8 Critical |
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. | ||||
CVE-2019-17418 | 1 Metinfo | 1 Metinfo | 2024-08-05 | 7.2 High |
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. | ||||
CVE-2019-17419 | 1 Metinfo | 1 Metinfo | 2024-08-05 | 7.2 High |
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. | ||||
CVE-2019-16996 | 1 Metinfo | 1 Metinfo | 2024-08-05 | 7.2 High |
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. | ||||
CVE-2019-16997 | 1 Metinfo | 1 Metinfo | 2024-08-05 | 7.2 High |
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. | ||||
CVE-2019-13969 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | ||||
CVE-2020-21517 | 1 Metinfo | 1 Metinfo | 2024-08-04 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | ||||
CVE-2020-21133 | 1 Metinfo | 1 Metinfo | 2024-08-04 | 9.8 Critical |
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | ||||
CVE-2020-21127 | 1 Metinfo | 1 Metinfo | 2024-08-04 | 9.8 Critical |
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. | ||||
CVE-2020-20981 | 1 Metinfo | 1 Metinfo | 2024-08-04 | 7.5 High |
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. | ||||
CVE-2020-21126 | 1 Metinfo | 1 Metinfo | 2024-08-04 | 8.8 High |
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. |