MetInfo 7.0.0 Beta

CPE Details

MetInfo 7.0.0 Beta
metinfo
metinfo
7.0.0
2019-10-01
11h22 +00:00
2019-10-01
11h22 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*

Informations

Vendor

metinfo

Product

metinfo

Version

7.0.0

Update

beta

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-20600 2021-12-22 21h41 +00:00 MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.
5.4
Moyen
CVE-2020-19304 2021-08-03 19h24 +00:00 An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
7.5
Haute
CVE-2020-21133 2021-07-12 10h45 +00:00 SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
9.8
Critique
CVE-2020-21132 2021-07-12 10h45 +00:00 SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
9.8
Critique
CVE-2020-21131 2021-07-12 10h45 +00:00 SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
7.2
Haute
CVE-2020-20585 2021-07-08 13h44 +00:00 A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
7.5
Haute
CVE-2020-20907 2021-05-24 16h03 +00:00 MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
9.1
Critique
CVE-2020-20800 2020-09-29 13h29 +00:00 An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
9.8
Critique
CVE-2019-17676 2019-10-17 10h16 +00:00 app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
8.8
Haute
CVE-2019-17553 2019-10-14 10h32 +00:00 An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
9.8
Critique
CVE-2019-17418 2019-10-09 20h55 +00:00 An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
7.2
Haute
CVE-2019-17419 2019-10-09 20h55 +00:00 An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
7.2
Haute
CVE-2019-16997 2019-09-30 10h44 +00:00 In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
7.2
Haute
CVE-2019-16996 2019-09-30 10h44 +00:00 In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
7.2
Haute