Metinfo

Metinfo

60 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-29014

Exploit
  • EPSS 15.8%
  • Veröffentlicht 01.04.2026 12:22:42
  • Zuletzt bearbeitet 07.04.2026 20:38:52

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input ne...

7.5

CVE-2025-63551

Exploit
  • EPSS 0.04%
  • Veröffentlicht 06.11.2025 00:00:00
  • Zuletzt bearbeitet 04.02.2026 21:14:49

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacke...

6.1

CVE-2025-60450

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 07.10.2025 15:36:38

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php ...

6.1

CVE-2025-60454

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 07.10.2025 15:09:38

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allow...

6.1

CVE-2025-60453

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 07.10.2025 15:21:35

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allow...

6.1

CVE-2025-60452

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 07.10.2025 15:27:24

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulner...

6.1

CVE-2025-60451

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 07.10.2025 15:32:47

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php compon...

8.8

CVE-2022-44849

Exploit
  • EPSS 0.09%
  • Veröffentlicht 07.12.2022 03:15:10
  • Zuletzt bearbeitet 23.04.2025 14:15:24

A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.

9.8

CVE-2022-23335

Exploit
  • EPSS 0.51%
  • Veröffentlicht 14.02.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:48:25

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.

9.8

CVE-2022-22295

Exploit
  • EPSS 0.64%
  • Veröffentlicht 14.02.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:35

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.