Vulnerabilities > Metinfo

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-18	CVE-2018-12531	Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. network low complexity metinfo CWE-94 critical	9.8
2018-06-18	CVE-2018-12530	Path Traversal vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. network low complexity metinfo CWE-22	6.5
2018-04-10	CVE-2018-9985	Cross-site Scripting vulnerability in Metinfo 6.0.0 The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. network low complexity metinfo CWE-79	6.1
2018-04-10	CVE-2018-9934	Unspecified vulnerability in Metinfo 6.0.0 The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. network low complexity metinfo	8.8
2018-04-10	CVE-2018-9928	Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. network low complexity metinfo CWE-79	6.1
2018-03-07	CVE-2018-7721	Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. network low complexity metinfo CWE-79	6.1
2018-02-21	CVE-2018-7271	Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. network high complexity metinfo CWE-94	8.1
2017-09-17	CVE-2017-14513	Path Traversal vulnerability in Metinfo 5.3.17 Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. network low complexity metinfo CWE-22	5.3
2017-07-20	CVE-2017-11500	Path Traversal vulnerability in Metinfo 5.3.17 A directory traversal vulnerability exists in MetInfo 5.3.17. network low complexity metinfo CWE-22	7.5
2017-07-19	CVE-2017-9764	Cross-site Scripting vulnerability in Metinfo 5.3.17 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. network low complexity metinfo CWE-79	6.1

Vulnerabilities > Metinfo {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Metinfo"}]}

Vulnerabilities > Metinfo