CVE-2018-7271

Name: CVE-2018-7271
Creator: NVD / NIST
Published: 2018-02-21T00:29:00.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.67%

Last modified Jun 17, 2026

CVE-2018-7271 is a vulnerability of currently unknown severity. An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.. EPSS estimates a 1.67% chance of exploitation in the next 30 days.

Description

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.

Metrics

EPSS Probability

1.67%

73.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Metinfo	Metinfo	6.0.0

References

https://github.com/SQYY/CVE/blob/master/MetInfo_G.txtExploit, Third Party Advisory
https://github.com/SQYY/CVE/blob/master/MetInfo_G.txtExploit, Third Party Advisory

Timeline

Published: Feb 21, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-7271?

How severe is CVE-2018-7271?

Severity scoring for CVE-2018-7271 is pending analysis. The EPSS model estimates a 1.67% probability of exploitation in the next 30 days.

How do I fix CVE-2018-7271?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7271?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST