First published: Mon Sep 17 2018(Updated: )
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | =6.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-17129 refers to a SQL injection vulnerability found in MetInfo version 6.1.0.
CVE-2018-17129 has a severity score of 4.9, which is considered medium.
MetInfo version 6.1.0 is affected by CVE-2018-17129.
To fix CVE-2018-17129, it is recommended to update MetInfo to a secure version where the vulnerability has been patched.
The CWE ID of CVE-2018-17129 is 89, which represents Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').