Shodan
Vulnerabilities
Vulnerable Software
Metinfo:  >> Metinfo  Security Vulnerabilities
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-06-18
CVE-2018-12531
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-06-18
CVE-2018-9985
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-10
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-04-10
CVE-2018-9928
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-10
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-03-07
CVE-2018-7271
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
CVSS Score
8.1
EPSS Score
0.009
Published
2018-02-21
CVE-2017-14513
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-09-17
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-20
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved