Filtered by vendor Metinfo
Subscriptions
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2018-11-28 | N/A |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | ||||
| CVE-2018-17129 | 1 Metinfo | 1 Metinfo | 2018-11-09 | N/A |
| MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | ||||
| CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2018-09-14 | N/A |
| MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | ||||
| CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2018-09-14 | N/A |
| MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | ||||
| CVE-2018-12531 | 1 Metinfo | 1 Metinfo | 2018-08-13 | N/A |
| An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | ||||
| CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2018-05-15 | N/A |
| The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | ||||
| CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2018-05-11 | N/A |
| Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | ||||
| CVE-2018-7721 | 1 Metinfo | 1 Metinfo | 2018-03-26 | N/A |
| Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | ||||
| CVE-2018-7271 | 1 Metinfo | 1 Metinfo | 2018-03-21 | N/A |
| An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. | ||||
| CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2017-09-21 | N/A |
| Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | ||||
| CVE-2010-4976 | 1 Metinfo | 1 Metinfo | 2017-08-29 | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2017-9764 | 1 Metinfo | 1 Metinfo | 2017-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | ||||
| CVE-2017-6878 | 1 Metinfo | 1 Metinfo | 2017-03-29 | N/A |
| Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | ||||