Szfsir

**Nome do software vulnerável e versões afetadas: MetInfo versão 7.0.0beta Descrição: O problema está relacionado a uma vulnerabilidade de injeção de SQL. Ela pode ser explorada por meio do endpoint admin/?n=language&c=language web&a=doAddLanguage. Recomendações: Para o MetInfo versão 7.0.0beta, como solução temporária, considere restringir o acesso ao endpoint admin/?n=language&c=language web&a=doAddLanguage até que uma correção esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Metinfo version 7.0.0beta **Description** The issue is related to a SQL Injection vulnerability in the index.php script of the Metinfo CMS system. This vulnerability is due to the lack of protection measures for the SQL query structure, allowing a remote attacker to execute arbitrary SQL code. **Recommendations** For Metinfo version 7.0.0beta, consider disabling the `index.php` script or restricting access to it until a patch is available to prevent exploitation of the SQL Injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metinfo version 7.0.0 beta **Description** The issue is related to a SQL Injection vulnerability in the member/getpassword.php file, specifically when the `lang` parameter is set to `cn` and the `a` parameter is set to `dovalid`. This vulnerability is due to the lack of protection against SQL query structure exploitation. An attacker can exploit this issue to execute arbitrary SQL code remotely. **Recommendations** For Metinfo version 7.0.0 beta, as a temporary workaround, consider restricting access to the `member/getpassword.php` file or disabling the `dovalid` action until a patch is available. Avoid using the `lang` and `a` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.