First published: Fri Jul 19 2019(Updated: )
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | >=6.0.0<=6.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-13969 is a vulnerability in Metinfo 6.x that allows SQL injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
CVE-2019-13969 has a severity rating of 8.8 (high).
CVE-2019-13969 affects Metinfo versions between 6.0.0 and 6.2.0.
To fix CVE-2019-13969, update Metinfo to a version above 6.2.0.
More information about CVE-2019-13969 can be found at this link: [https://github.com/zhuxianjin/vuln_repo/blob/master/Metinfo%206.x%20Background%20SQL%20injection.md](https://github.com/zhuxianjin/vuln_repo/blob/master/Metinfo%206.x%20Background%20SQL%20injection.md)