CVE-2018-17129

MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.

Published : 2018-09-17 04:29 Updated : 2018-11-09 18:59

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Metinfo Metinfo 6.1.0 cpe:/a:metinfo:metinfo:6.1.0
  1. Metinfo (1) Search CVE
    1. Metinfo (1) Search CVE
      1. 6.1.0

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2018-11-09 18:59
2018-10-15 04:29
2018-09-17 04:29

New CVE