CVE-2019-7718
Last modified
CVE-2019-7718 is a vulnerability of currently unknown severity. An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Metinfo | Metinfo | >= 6.0.0, <= 6.1.3 |
References
- https://github.com/jadacheng/vulnerability/blob/master/Metinfo6.x/MetInfo.mdExploit, Third Party Advisory
- https://github.com/jadacheng/vulnerability/blob/master/Metinfo6.x/MetInfo.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-7718?
How severe is CVE-2019-7718?
How do I fix CVE-2019-7718?
Are you affected by CVE-2019-7718?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST