CVE-2019-16996

HIGH EXPLOITED NUCLEI

Metinfo - SQL Injection

Title source: rule

Description

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.

Nuclei Templates (1)

Metinfo 7.0.0 beta - SQL Injection

HIGHby ritikchaddha

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1

Scores

CVSS v3 7.2

EPSS 0.9248

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-08

CWE

CWE-89

Status published

Products (1)

metinfo/metinfo 7.0.0 beta

Published Sep 30, 2019

Tracked Since Feb 18, 2026