First published: Mon Sep 30 2019(Updated: )
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | =7.0.0-beta |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16996 is a SQL Injection vulnerability discovered in Metinfo 7.0.0beta.
CVE-2019-16996 has a severity rating of 7.2 (High).
To fix the vulnerability, update Metinfo to a version that is not affected by CVE-2019-16996 or apply the necessary patches provided by the vendor.
As of now, there is no known exploit publicly available for CVE-2019-16996.
For more information about CVE-2019-16996, you can refer to the following link: https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1