Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | |||||
CVE-2018-13024 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | |||||
CVE-2018-12531 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | |||||
CVE-2018-12530 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | |||||
CVE-2017-9764 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | |||||
CVE-2017-6878 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | |||||
CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | |||||
CVE-2017-12790 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state. | |||||
CVE-2017-12789 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state. | |||||
CVE-2017-12788 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter. | |||||
CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||||
CVE-2017-11347 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | |||||
CVE-2010-4976 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information. |