CVE-2017-12789

Name of the Vulnerable Software and Affected Versions Metinfo version 5.3.18

Description The issue allows for Information Disclosure through a remote attack vector. It involves a Cross Site Request Forgery (CSRF) attack, where the administrator clicks on a malicious link while in a logged-in state. The vulnerable component is the admin/interface/online/delete.php file.

Recommendations For Metinfo version 5.3.18, consider restricting access to the admin/interface/online/delete.php component to minimize the risk of exploitation. As a temporary workaround, avoid clicking on suspicious links while logged in as an administrator until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.