Vulnerabilities > Metinfo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-07 | CVE-2018-7721 | Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | 4.3 |
| 2017-09-17 | CVE-2017-14513 | Path Traversal vulnerability in Metinfo 5.3.17 Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | 5.0 |
| 2017-07-20 | CVE-2017-11500 | Path Traversal vulnerability in Metinfo 5.3.17 A directory traversal vulnerability exists in MetInfo 5.3.17. | 5.0 |
| 2017-07-19 | CVE-2017-9764 | Cross-site Scripting vulnerability in Metinfo 5.3.17 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 4.3 |
| 2017-07-17 | CVE-2017-11347 | Unspecified vulnerability in Metinfo 5.3.17 Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | 6.5 |
| 2011-11-01 | CVE-2010-4976 | Cross-Site Scripting vulnerability in Metinfo 3.0 Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). | 4.3 |