Aggregates CVE and security vulnerability intelligence across all metinfo_project-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Disclosed issues often relate to cross-site scripting and open redirect; exposure may include session compromise in production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-11718 | There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | [email protected] | 6.1 | 0.19% | 2017-07-28 | 2026-05-13 |
| CVE-2017-11717 | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | [email protected] | 7.5 | 0.40% | 2017-07-28 | 2026-05-13 |
| CVE-2017-11716 | MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | [email protected] | 6.1 | 0.24% | 2017-07-28 | 2026-05-13 |
| CVE-2017-11715 | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | [email protected] | 9.8 | 0.85% | 2017-07-28 | 2026-05-13 |