Metinfo Security Vulnerabilities
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-10-15

MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2018-09-17

MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-07-20

MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-07-20

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
CVSS Score: 7.2 | EPSS Score: 0.008 | Published: 2018-06-29

An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2018-06-18

An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2018-06-18

The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-04-10

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2018-04-10

Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-04-10

