MetInfo 5.3.17 Security Vulnerabilities

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2017-09-17

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-07-20

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-19

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
CVSS Score: 8.8 | EPSS Score: 0.015 | Published: 2017-07-17

