PT-2018-11238 · Metinfo · Metinfo

Published

2018-06-18

Updated

2018-08-13

CVE-2018-12531

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MetInfo version 6.0.0

Description An issue was discovered that allows remote attackers to write arbitrary PHP code into config db.php.

Recommendations For MetInfo version 6.0.0, update to a newer version that contains a fix for this issue, as the current version allows remote attackers to write arbitrary PHP code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2018-12531

Affected Products

Metinfo

PT-2018-11238 · Metinfo · Metinfo

CVE-2018-12531

Weakness Enumeration

Related Identifiers

Affected Products

References · 3