CVE-2019-13969

Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.

Published : 2019-07-19 06:15 Updated : 2019-07-19 17:59

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Metinfo Metinfo 6.0.0 cpe:/a:metinfo:metinfo:6.0.0
Metinfo Metinfo 6.1.0 cpe:/a:metinfo:metinfo:6.1.0
Metinfo Metinfo 6.1.1 cpe:/a:metinfo:metinfo:6.1.1
Metinfo Metinfo 6.1.2 cpe:/a:metinfo:metinfo:6.1.2
Metinfo Metinfo 6.1.3 cpe:/a:metinfo:metinfo:6.1.3
Metinfo Metinfo 6.2.0 cpe:/a:metinfo:metinfo:6.2.0
  1. Metinfo (1) Search CVE
    1. Metinfo (6) Search CVE
      1. 6.0.0
      2. 6.1.0
      3. 6.1.1
      4. 6.1.2
      5. 6.1.3
      6. 6.2.0

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-07-19 17:59
2019-07-19 06:15

New CVE