Vulnerabilities > Metinfo

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2020-20800 SQL Injection vulnerability in Metinfo 7.0.0
An issue was discovered in MetInfo v7.0.0 beta.
network
low complexity
metinfo CWE-89
7.5
2019-10-17 CVE-2019-17676 Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 7.0.0
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
network
metinfo CWE-352
6.8
2019-10-14 CVE-2019-17553 SQL Injection vulnerability in Metinfo 7.0.0
An issue was discovered in MetInfo v7.0.0 beta.
network
low complexity
metinfo CWE-89
7.5
2019-10-10 CVE-2019-17419 SQL Injection vulnerability in Metinfo 7.0.0
An issue was discovered in MetInfo 7.0.
network
low complexity
metinfo CWE-89
6.5
2019-10-10 CVE-2019-17418 SQL Injection vulnerability in Metinfo 7.0.0
An issue was discovered in MetInfo 7.0.
network
low complexity
metinfo CWE-89
6.5
2019-09-30 CVE-2019-16997 SQL Injection vulnerability in Metinfo 7.0.0
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
network
low complexity
metinfo CWE-89
6.5
2019-09-30 CVE-2019-16996 SQL Injection vulnerability in Metinfo 7.0.0
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
network
low complexity
metinfo CWE-89
6.5
2019-07-19 CVE-2019-13969 SQL Injection vulnerability in Metinfo
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
network
low complexity
metinfo CWE-89
6.5
2019-05-10 CVE-2017-12789 Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 5.3.18
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF).
network
metinfo CWE-352
6.8
2019-05-09 CVE-2017-12790 Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 5.3.18
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF).
network
metinfo CWE-352
4.3