CVE-2019-16997

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.

Published : 2019-09-30 13:15 Updated : 2019-10-04 14:38

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Metinfo Metinfo 7.0.0 cpe:/a:metinfo:metinfo:7.0.0:beta
  1. Metinfo (1) Search CVE
    1. Metinfo (1) Search CVE
      1. 7.0.0

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-04 14:38
2019-09-30 13:30

New CVE