CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.162

EPSS Ranking 94.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://karmainsecurity.com/KIS-2026-06
https://www.metinfo.cn/
https://www.vulncheck.com/advisories/metinfo-cms-unauthenticated-php-code-injection-rce
http://seclists.org/fulldisclosure/2026/Apr/1
https://websec.net/blog/cve-2026-29014-metinfo-cms-unauthenticated-php-code-injection-69cdc290c14a8a99e1f91b7a

Products affected by CVE-2026-29014

Metinfo » Metinfo » Version: 7.9

cpe:2.3:a:metinfo:metinfo:7.9
Metinfo » Metinfo » Version: 8.0.0

cpe:2.3:a:metinfo:metinfo:8.0.0
Metinfo » Metinfo » Version: 8.1

cpe:2.3:a:metinfo:metinfo:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29014

Products

Pricing

Contact Us