CVE-2020-19305

Name of the Vulnerable Software and Affected Versions Metinfo version 7.0.0

Description The issue is related to a lack of access control in the /app/system/column/admin/index.class.php script of the Metinfo CMS system. This allows a remote attacker to escalate privileges by exploiting the vulnerability. Specifically, when a column is deleted, the indeximg parameter is also deleted, which can be used to gain elevated access.

Recommendations For Metinfo version 7.0.0, consider disabling access to the /app/system/column/admin/index.class.php script until a patch is available to prevent exploitation of the indeximg parameter. Restricting access to this script can help minimize the risk of privilege escalation.