Vulnerabilities > Metinfo > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-09-30 | CVE-2019-16997 | SQL Injection vulnerability in Metinfo 7.0.0 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. | network | low complexity | metinfo | CWE-89 | 7.2 |
| 2019-09-30 | CVE-2019-16996 | SQL Injection vulnerability in Metinfo 7.0.0 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. | network | low complexity | metinfo | CWE-89 | 7.2 |
| 2019-07-19 | CVE-2019-13969 | SQL Injection vulnerability in Metinfo | Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | network | low complexity | metinfo | CWE-89 | 8.8 |
| 2019-05-10 | CVE-2017-12789 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 5.3.18 | Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). | network | low complexity | metinfo | CWE-352 | 8.8 |
| 2019-02-11 | CVE-2019-7718 | Race Condition vulnerability in Metinfo | An issue was discovered in Metinfo 6.x. | network | high complexity | metinfo | CWE-362 | 8.1 |
| 2018-07-20 | CVE-2018-14420 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 6.0.0 | MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | network | low complexity | metinfo | CWE-352 | 8.8 |
| 2018-06-29 | CVE-2018-13024 | Unrestricted Upload of File with Dangerous Type vulnerability in Metinfo 6.0.0 | Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | network | low complexity | metinfo | CWE-434 | 7.2 |
| 2018-04-10 | CVE-2018-9934 | Unspecified vulnerability in Metinfo 6.0.0 | The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. | network | low complexity | metinfo | | 8.8 |
| 2018-02-21 | CVE-2018-7271 | Code Injection vulnerability in Metinfo 6.0.0 | An issue was discovered in MetInfo 6.0.0. | network | high complexity | metinfo | CWE-94 | 8.1 |
| 2017-07-20 | CVE-2017-11500 | Path Traversal vulnerability in Metinfo 5.3.17 | A directory traversal vulnerability exists in MetInfo 5.3.17. | network | low complexity | metinfo | CWE-22 | 7.5 |