Shodan
Vulnerabilities
Vulnerable Software
Metinfo:  >> Metinfo  Security Vulnerabilities
CVE-2018-9928
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-10
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-03-07
CVE-2018-7271
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
CVSS Score
8.1
EPSS Score
0.008
Published
2018-02-21
CVE-2017-14513
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-09-17
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-20
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-19
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
CVSS Score
8.8
EPSS Score
0.015
Published
2017-07-17
CVE-2017-6878
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-03-27
CVE-2010-4976
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.042
Published
2011-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved