PT-2017-11948 · Metinfo · Metinfo

Published

2017-07-16

Updated

2019-10-03

CVE-2017-11347

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MetInfo version 5.3.17

Description The issue allows a remote authenticated attacker to execute code by generating a PHP script with the content of a malicious image. This is related to the files admin/include/common.inc.php and admin/app/physical/physical.php.

Recommendations For MetInfo version 5.3.17, update to a newer version that contains a fix for this issue, as using a malicious image to generate a PHP script can lead to code execution. As a temporary workaround, consider restricting access to the admin/include/common.inc.php and admin/app/physical/physical.php files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-11347

Affected Products

Metinfo

PT-2017-11948 · Metinfo · Metinfo

CVE-2017-11347

Related Identifiers

Affected Products

References · 3