CVE-2019-16997

HIGH NUCLEI

Metinfo - SQL Injection

Title source: rule

Description

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.

Nuclei Templates (1)

Metinfo 7.0.0 beta - SQL Injection

HIGHby ritikchaddha

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2

Scores

CVSS v3 7.2

EPSS 0.9371

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

metinfo/metinfo 7.0.0 beta

Published Sep 30, 2019

Tracked Since Feb 18, 2026