Metinfo 7.0.0 Security Vulnerabilities
A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the server to initiate an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or the retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-11-06
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-12-22
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-09-15
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-09-15
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2021-08-12
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2021-08-03
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2021-08-03
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2021-07-12
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-07-12
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-07-12

