An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/SQYY/CVE/blob/master/MetInfo_G.txt |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-21T00:00:00
Updated: 2024-08-05T06:24:11.488Z
Reserved: 2018-02-20T00:00:00
Link: CVE-2018-7271
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-02-21T00:29:00.207
Modified: 2018-03-21T13:33:29.567
Link: CVE-2018-7271
Redhat
No data.