Metinfo: >> Metinfo >> 6.0.0 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-10
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-03-07
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
CVSS Score
8.1
EPSS Score
0.009
Published
2018-02-21
Page 2