PT-2019-7917 · Metinfo · Metinfo

Lemon666 · Published 2019-05-09 · Updated 2019-05-09 · CVE-2017-12790

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Metinfo version 5.3.18

Description

The issue allows Information Disclosure through a remote attack vector. It involves a Cross-Site Request Forgery (CSRF) attack in which the administrator clicks on a malicious link while logged in. The vulnerable component is the admin/index.php file.

Recommendations

For Metinfo version 5.3.18, as a temporary workaround, consider restricting access to the admin/index.php file until a patch is available. Avoid clicking on suspicious links while logged in to the administrator account to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2017-12790

Affected Products

Metinfo