Vulnerabilities > Metinfo Project

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-07-28 | CVE-2017-11718 | Open Redirect vulnerability in Metinfo Project Metinfo | There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | network; low complexity; metinfo-project CWE-601; 6.1 |
| 2017-07-28 | CVE-2017-11717 | Authentication Bypass by Spoofing vulnerability in Metinfo Project Metinfo | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | network; low complexity; metinfo-project CWE-290; 7.5 |
| 2017-07-28 | CVE-2017-11716 | Cross-site Scripting vulnerability in Metinfo Project Metinfo | MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | network; low complexity; metinfo-project CWE-79; 6.1 |
| 2017-07-28 | CVE-2017-11715 | Code Injection vulnerability in Metinfo Project Metinfo | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | network; low complexity; metinfo-project CWE-94; critical; 9.8 |