Metinfo: >> Metinfo >> 6.1.3 Security Vulnerabilities
A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the server to initiate an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or the retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-06
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-07-30
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-30
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-19
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-02-11
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-26
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-03
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-03
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-07
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-07
Page 1