First published: Tue Aug 03 2021
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | =7.0.0 |
CVE-2020-19305 is an issue in Metinfo v7.0.0 that causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
CVE-2020-19305 has a severity rating of 9.8 (Critical).
Metinfo v7.0.0 is affected by CVE-2020-19305.
Attackers can exploit CVE-2020-19305 by deleting a column, which will also delete the indeximg parameter and allow them to escalate privileges.
References related to CVE-2020-19305 are available at the following links: [CWE-36](https://cwe.mitre.org/data/definitions/36.html) and [CodeAnalyse GitHub Issue](https://github.com/MRdoulestar/CodeAnalyse/issues/2).