CVE-2017-11347

Name of the Vulnerable Software and Affected Versions MetInfo version 5.3.17

Description The issue allows a remote authenticated attacker to execute code by generating a PHP script with the content of a malicious image. This is related to the files admin/include/common.inc.php and admin/app/physical/physical.php.

Recommendations For MetInfo version 5.3.17, update to a newer version that contains a fix for this issue, as using a malicious image to generate a PHP script can lead to code execution. As a temporary workaround, consider restricting access to the admin/include/common.inc.php and admin/app/physical/physical.php files to minimize the risk of exploitation.