Metinfo: >> Metinfo >> 6.0.0 Security Vulnerabilities
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-04-10
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-10
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-03-07
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
CVSS Score
8.1
EPSS Score
0.008
Published
2018-02-21
Page 2