Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Metinfo Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19305 1 Metinfo 1 Metinfo 2022-07-12 7.5 HIGH 9.8 CRITICAL
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
CVE-2020-20907 2 Metinfo, Microsoft 2 Metinfo, Windows 2022-07-12 6.4 MEDIUM 9.1 CRITICAL
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
CVE-2022-22295 1 Metinfo 1 Metinfo 2022-02-22 7.5 HIGH 9.8 CRITICAL
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
CVE-2022-23335 1 Metinfo 1 Metinfo 2022-02-22 7.5 HIGH 9.8 CRITICAL
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
CVE-2020-21127 1 Metinfo 1 Metinfo 2021-09-23 7.5 HIGH 9.8 CRITICAL
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVE-2020-18175 1 Metinfo 1 Metinfo 2021-08-03 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
CVE-2020-20800 1 Metinfo 1 Metinfo 2020-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
CVE-2019-17553 1 Metinfo 1 Metinfo 2019-10-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
CVE-2018-12531 1 Metinfo 1 Metinfo 2018-08-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.