phantom0301

2 exploits Active since Jul 2017
CVE-2017-14513 WRITEUP MEDIUM WRITEUP
MetInfo 5.3.17 - Path Traversal via f_filename Parameter
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVSS 5.3
CVE-2017-9764 WRITEUP MEDIUM WRITEUP
MetInfo 5.3.17 - Cross-Site Scripting via Client-IP or X-Forwarded-For Header
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVSS 6.1