Latest metinfo metinfo Vulnerabilities

CVE-2022-44849
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.
Metinfo Metinfo=7.7
CVE-2022-22295
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
Metinfo Metinfo=7.5.0
CVE-2022-23335
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
Metinfo Metinfo=7.5.0
CVE-2020-20600
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.
Metinfo Metinfo=7.0.0-beta
CVE-2020-21127
Metinfo Metinfo=7.0.0
CVE-2020-21126
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
Metinfo Metinfo=7.0.0
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
Metinfo Metinfo=7.0.0
CVE-2020-19305
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
Metinfo Metinfo=7.0.0
CVE-2020-19304
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
Metinfo Metinfo=7.0.0
CVE-2020-21132
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
Metinfo Metinfo=7.0.0-beta
CVE-2020-21131
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
Metinfo Metinfo=7.0.0-beta
CVE-2020-21133
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
Metinfo Metinfo=7.0.0-beta
CVE-2020-20585
Metinfo Metinfo=7.0.0-beta
CVE-2020-21517
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
Metinfo Metinfo=7.0.0
CVE-2020-20907
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/fil...
Metinfo Metinfo=7.0.0-beta
Microsoft Windows
CVE-2020-20800
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
Metinfo Metinfo=7.0.0-beta
CVE-2019-17676
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSav...
Metinfo Metinfo=7.0.0-beta
CVE-2019-17553
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
Metinfo Metinfo=7.0.0-beta
CVE-2019-17418
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
Metinfo Metinfo=7.0.0-beta
CVE-2019-17419
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
Metinfo Metinfo=7.0.0-beta
CVE-2019-16996
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
Metinfo Metinfo=7.0.0-beta
CVE-2019-16997
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
Metinfo Metinfo=7.0.0-beta
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
Metinfo Metinfo>=6.0.0<=6.2.0
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The adminis...
Metinfo Metinfo=5.3.18
CVE-2017-12790
Metinfo Metinfo=5.3.18
CVE-2019-7718
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsq...
Metinfo Metinfo>=6.0.0<=6.1.3
CVE-2018-20486
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
Metinfo Metinfo>=6.0.0<=6.1.3
CVE-2018-19835
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
Metinfo Metinfo=6.1.3
CVE-2018-19836
Metinfo Metinfo=6.1.3
CVE-2018-18374
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
Metinfo Metinfo=6.1.2
CVE-2018-18296
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
Metinfo Metinfo=6.1.2
CVE-2018-17129
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
Metinfo Metinfo=6.1.0
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
Metinfo Metinfo=6.0.0
CVE-2018-14419
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
Metinfo Metinfo=6.0.0
CVE-2018-13024
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
Metinfo Metinfo=6.0.0
CVE-2018-12531
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Metinfo Metinfo=6.0.0
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Metinfo Metinfo=6.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203