Vulnerabilities > Metinfo

DATE | CVE | VULNERABILITY TITLE | RISK

2018-12-03 | CVE-2018-19836 | Incorrect Permission Assignment for Critical Resource vulnerability in Metinfo 6.1.3 | 6.1
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value.
network, low complexity, metinfo, CWE-732

2018-12-03 | CVE-2018-19835 | Cross-site Scripting vulnerability in Metinfo 6.1.3 | 6.1
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
network, low complexity, metinfo, CWE-79

2018-11-07 | CVE-2018-19051 | Cross-site Scripting vulnerability in Metinfo 6.1.3 | 6.1
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
network, low complexity, metinfo, CWE-79

2018-11-07 | CVE-2018-19050 | Cross-site Scripting vulnerability in Metinfo 6.1.3 | 6.1
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
network, low complexity, metinfo, CWE-79

2018-10-16 | CVE-2018-18374 | Cross-site Scripting vulnerability in Metinfo 6.1.2 | 5.4
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
network, low complexity, metinfo, CWE-79

2018-10-15 | CVE-2018-18296 | Cross-site Scripting vulnerability in Metinfo 6.1.2 | 6.1
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
network, low complexity, metinfo, CWE-79

2018-09-17 | CVE-2018-17129 | SQL Injection vulnerability in Metinfo 6.1.0 | 4.9
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
network, low complexity, metinfo, CWE-89

2018-07-20 | CVE-2018-14420 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 6.0.0 | 8.8
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
network, low complexity, metinfo, CWE-352

2018-07-20 | CVE-2018-14419 | Cross-site Scripting vulnerability in Metinfo 6.0.0 | 4.8
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
network, low complexity, metinfo, CWE-79

2018-06-29 | CVE-2018-13024 | Unrestricted Upload of File with Dangerous Type vulnerability in Metinfo 6.0.0 | 7.2
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
network, low complexity, metinfo, CWE-434