Search Results | AttackerKB

6 Total Results

Displaying 1-6 of 6

Attacker Value

Unknown

CVE-2020-18175

Disclosure Date: July 30, 2021 (last updated February 23, 2025)

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.

Attacker Value

Unknown

CVE-2020-18157

Disclosure Date: July 30, 2021 (last updated February 23, 2025)

Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2018-19835

Disclosure Date: December 03, 2018 (last updated November 27, 2024)

Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.

Attacker Value

Unknown

CVE-2018-19836

Disclosure Date: December 03, 2018 (last updated November 27, 2024)

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.

Attacker Value

Unknown

CVE-2018-19050

Disclosure Date: November 07, 2018 (last updated November 27, 2024)

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.

Attacker Value

Unknown

CVE-2018-19051

Disclosure Date: November 07, 2018 (last updated November 27, 2024)

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.

6 Total Results

Displaying 1-6 of 6

Unknown

CVE-2020-18175

Unknown

CVE-2020-18157

Unknown

CVE-2018-19835

Unknown

CVE-2018-19836

Unknown

CVE-2018-19050

Unknown

CVE-2018-19051

Quick Cookie Notification