Product
metinfo
64 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-29014 (affected: all versions): MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to
CVE-2025-63551 (affected: < 8.1): A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo C
CVE-2025-60454 (affected: all versions): A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the
CVE-2025-60453 (affected: all versions): A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the
CVE-2025-60452 (affected: all versions): A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the
CVE-2025-60451 (affected: all versions): A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to
CVE-2025-60450 (affected: all versions): A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to
CVE-2022-44849 (affected: all versions): A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administra
CVE-2022-23335 (affected: all versions): Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
CVE-2022-22295 (affected: all versions): Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
CVE-2020-20600 (affected: all versions): MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=do
CVE-2020-21127 (affected: all versions): MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVE-2020-21126 (affected: all versions): MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVE-2020-20981 (affected: all versions): A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database info
CVE-2020-19305 (affected: all versions): An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column
CVE-2020-19304 (affected: all versions): An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal
CVE-2020-18175 (affected: all versions): SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
CVE-2020-18157 (affected: all versions): Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
CVE-2020-21133 (affected: all versions): SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
CVE-2020-21132 (affected: all versions): SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
CVE-2020-21131 (affected: all versions): SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
CVE-2020-20585 (affected: all versions): A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database informati
CVE-2020-21517 (affected: all versions): Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
CVE-2020-20907 (affected: all versions): MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/languag
CVE-2020-20800 (affected: all versions): An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&enda
CVE-2019-17676 (affected: all versions): app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to
CVE-2019-17553 (affected: all versions): An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
CVE-2019-17419 (affected: all versions): An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
CVE-2019-17418 (affected: all versions): An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter ap
CVE-2019-16997 (affected: all versions): In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=lang
CVE-2019-16996 (affected: all versions): In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&
CVE-2019-13969 (affected: >= 6.0.0 and <= 6.2.0): Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=la
CVE-2017-12789 (affected: all versions): Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is
CVE-2017-12790 (affected: all versions): Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is
CVE-2017-12788 (affected: all versions): Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitra
CVE-2019-7718 (affected: >= 6.0.0 and <= 6.1.3): An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execu
CVE-2018-20486 (affected: >= 6.0.0 and <= 6.1.3): MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
CVE-2018-19836 (affected: all versions): In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.i
CVE-2018-19835 (affected: all versions): Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVE-2018-19051 (affected: all versions): MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
CVE-2018-19050 (affected: all versions): MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
CVE-2018-18374 (affected: all versions): XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
CVE-2018-18296 (affected: all versions): MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
CVE-2018-17129 (affected: all versions): MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
CVE-2018-14420 (affected: all versions): MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/in
CVE-2018-14419 (affected: all versions): MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.
CVE-2018-13024 (affected: all versions): Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/co
CVE-2018-12531 (affected: all versions): An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php
CVE-2018-12530 (affected: all versions): An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a fliena
CVE-2018-9985 (affected: all versions): The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
CVE-2018-9934 (affected: all versions): The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP
CVE-2018-9928 (affected: all versions): Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML
CVE-2018-7721 (affected: all versions): Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mish
CVE-2018-7271 (affected: all versions): An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configurati
CVE-2017-14513 (affected: all versions): Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f
CVE-2017-11718 (affected: <= 5.3.17): There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
CVE-2017-11717 (affected: <= 5.3.17): MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass int
CVE-2017-11716 (affected: <= 5.3.17): MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
CVE-2017-11715 (affected: <= 5.3.17): job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote a
CVE-2017-11500 (affected: all versions): A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filena
CVE-2017-9764 (affected: all versions): Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the
CVE-2017-11347 (affected: all versions): Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with
CVE-2017-6878 (affected: all versions): Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTM
CVE-2010-4976 (affected: all versions): Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web scrip