Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-28	CVE-2017-11715	Code Injection vulnerability in Metinfo Project Metinfo job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. network low complexity metinfo-project CWE-94 critical	9.8