There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2017-07-28 | Updated: 2017-08-09
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2017-07-28 | Updated: 2019-10-03
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2017-07-28 | Updated: 2017-08-09
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.
Max CVSS: 9.8 | EPSS Score: 1.29% | Published: 2017-07-28 | Updated: 2017-08-09
4 vulnerabilities found