CVE-2020-21133

Name of the Vulnerable Software and Affected Versions Metinfo version 7.0.0 beta

Description The issue is related to a SQL Injection vulnerability in the member/getpassword.php file, specifically when the lang parameter is set to cn and the a parameter is set to dovalid. This vulnerability is due to the lack of protection against SQL query structure exploitation. An attacker can exploit this issue to execute arbitrary SQL code remotely.

Recommendations For Metinfo version 7.0.0 beta, as a temporary workaround, consider restricting access to the member/getpassword.php file or disabling the dovalid action until a patch is available. Avoid using the lang and a parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.