ProductNews
New Features

Vulnerability Scanner Plugin for SQL Injections on the Metinfo Homepage Is Released

Oct 17 2018

On Oct 16, 2018, the emergency response center identified SQL injection as a potential threat that can exploit a new vulnerability on the homepage of Metinfo 6.1.2.
Content

Target customers: Metinfo users. Features released: On Oct 16, 2018, the emergency response center identified SQL injection as a potential threat that can exploit a new vulnerability on the homepage of Metinfo 6.1.2. Attackers can exploit the vulnerability to obtain sensitive data and unauthorized access to a website database using nefarious SQL statements. Vulnerability description: In the vulnerability file: metinfo6.1.2/app/system/message/web/message.class.php, the id parameter is incorrectly filtered, which results in SQL injections. Vulnerability severity: High. Vulnerability name: CNVD-2018-20024. Attack scope: Metinfo 6.1.2.

Previous

Added Machine Learning Functions in Log Service

Next

Added a Series of Compare Functions

7th Gen ECS Is Now Available

Increase instance computing power by up to 40% and Fully equipped with TPM chips.
Powered by Third-generation Intel® Xeon® Scalable processors (Ice Lake).

Start Now

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More