Shodan
Vulnerabilities
Vulnerable Software
Metinfo:  >> Metinfo  Security Vulnerabilities
CVE-2019-17418
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
CVSS Score
7.2
EPSS Score
0.928
Published
2019-10-10
CVE-2019-17419
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-10-10
CVE-2019-16996
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
CVSS Score
7.2
EPSS Score
0.923
Published
2019-09-30
CVE-2019-16997
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
CVSS Score
7.2
EPSS Score
0.929
Published
2019-09-30
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-07-19
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-05-10
CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-05-09
CVE-2017-12788
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-09
CVE-2019-7718
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-02-11
CVE-2018-20486
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved