Vulnerabilities > Metinfo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-18 | CVE-2018-12531 | Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 7.5 |
| 2018-06-18 | CVE-2018-12530 | Path Traversal vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 5.8 |
| 2018-04-10 | CVE-2018-9985 | Cross-site Scripting vulnerability in Metinfo 6.0.0 The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | 4.3 |
| 2018-04-10 | CVE-2018-9934 | Unspecified vulnerability in Metinfo 6.0.0 The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. network metinfo | 4.3 |
| 2018-04-10 | CVE-2018-9928 | Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | 4.3 |
| 2018-03-07 | CVE-2018-7721 | Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | 4.3 |
| 2018-02-21 | CVE-2018-7271 | Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 9.3 |
| 2017-09-17 | CVE-2017-14513 | Path Traversal vulnerability in Metinfo 5.3.17 Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | 5.0 |
| 2017-07-20 | CVE-2017-11500 | Path Traversal vulnerability in Metinfo 5.3.17 A directory traversal vulnerability exists in MetInfo 5.3.17. | 5.0 |
| 2017-07-19 | CVE-2017-9764 | Cross-site Scripting vulnerability in Metinfo 5.3.17 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 4.3 |