Vulnerabilities > Metinfo > Metinfo > 6.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-19 | CVE-2019-13969 | SQL Injection vulnerability in Metinfo Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | 6.5 |
| 2019-02-11 | CVE-2019-7718 | Race Condition vulnerability in Metinfo An issue was discovered in Metinfo 6.x. | 6.8 |
| 2018-12-26 | CVE-2018-20486 | Cross-site Scripting vulnerability in Metinfo MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | 4.3 |
| 2018-07-20 | CVE-2018-14420 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 6.0.0 MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | 6.8 |
| 2018-07-20 | CVE-2018-14419 | Cross-site Scripting vulnerability in Metinfo 6.0.0 MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | 3.5 |
| 2018-06-29 | CVE-2018-13024 | Unrestricted Upload of File with Dangerous Type vulnerability in Metinfo 6.0.0 Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | 6.5 |
| 2018-06-18 | CVE-2018-12531 | Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 7.5 |
| 2018-06-18 | CVE-2018-12530 | Path Traversal vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 5.8 |
| 2018-04-10 | CVE-2018-9985 | Cross-site Scripting vulnerability in Metinfo 6.0.0 The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | 4.3 |
| 2018-04-10 | CVE-2018-9934 | Unspecified vulnerability in Metinfo 6.0.0 The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. network metinfo | 4.3 |