Metinfo Security Vulnerabilities
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link while logged in.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-05-10
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link while logged in.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-05-09
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-05-09
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2019-02-11
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-12-26
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-12-03
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-12-03
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-11-07
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-11-07
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-10-16

