metinfo

Top products

The 15 most recently published vulnerabilities affecting metinfo.

• CVE-2026-29014MetInfo CMS Unauthenticated PHP Code Injection RCE9.8Apr 1, 2026
• CVE-2025-63551A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a def...7.5Nov 6, 2025
• CVE-2025-60454A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\i...6.1Oct 3, 2025
• CVE-2025-60453A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\adm...6.1Oct 3, 2025
• CVE-2025-60452A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download...6.1Oct 3, 2025
• CVE-2025-60451A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the...6.1Oct 3, 2025
• CVE-2025-60450A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the...6.1Oct 3, 2025
• CVE-2022-44849A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.8.8Dec 7, 2022
• CVE-2022-23335Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.9.8Feb 14, 2022
• CVE-2022-22295Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.9.8Feb 14, 2022
• CVE-2020-20600MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.5.4Dec 22, 2021
• CVE-2020-21127MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.9.8Sep 15, 2021
• CVE-2020-21126MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.8.8Sep 15, 2021
• CVE-2020-20981A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.7.5Aug 12, 2021
• CVE-2020-19305An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.9.8Aug 3, 2021