First published: Fri Jun 29 2018(Updated: )
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | =6.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-13024 is a vulnerability in Metinfo v6.0.0 that allows remote attackers to write code into a .php file and execute that code.
An attacker can exploit CVE-2018-13024 by using the module parameter to admin/column/save.php in an editor upload action.
The severity of CVE-2018-13024 is high with a CVSS score of 7.2.
Metinfo v6.0.0 is affected by CVE-2018-13024.
To fix CVE-2018-13024, users should update to a patched version of Metinfo.