CVE-2019-16996: SQL Injection
First published: Mon Sep 30 2019(Updated: )
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Metinfo Metinfo | =7.0.0-beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16996?
CVE-2019-16996 is a SQL Injection vulnerability discovered in Metinfo 7.0.0beta.
How severe is CVE-2019-16996?
CVE-2019-16996 has a severity rating of 7.2 (High).
How can I fix the SQL Injection vulnerability in Metinfo 7.0.0beta?
To fix the vulnerability, update Metinfo to a version that is not affected by CVE-2019-16996 or apply the necessary patches provided by the vendor.
Is there any known exploit for CVE-2019-16996?
As of now, there is no known exploit publicly available for CVE-2019-16996.
Where can I find more information about CVE-2019-16996?
For more information about CVE-2019-16996, you can refer to the following link: https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1
- collector/nvd-index
- agent/type
- vendor/metinfo
- canonical/metinfo metinfo
- version/metinfo metinfo/7.0.0-beta