Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Metinfo'
2022-02-14
CVE-2022-22295
CWE-89
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
CVE-2022-23335
CWE-89
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
2021-12-22
CVE-2020-20600
CWE-79
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.
2021-09-15
CVE-2020-21126
CWE-352
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVE-2020-21127
CWE-89
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
2021-08-12
CVE-2020-20981
CWE-89
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
2021-08-03
CVE-2020-19304
CWE-22
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
CVE-2020-19305
CWE-269
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
2021-07-30
CVE-2020-18157
CWE-352
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
CVE-2020-18175
CWE-89
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
Copyright
2024
, cxsecurity.com
Back to Top