CP
cyberpings
VulnerabilitiesHIGH

MetInfo CMS Vulnerability - PHP Code Injection Risk

Featured image for MetInfo CMS Vulnerability - PHP Code Injection Risk
FDFull Disclosure
CVE-2026-29014MetInfo CMSPHP Code Injection
🎯

Basically, there's a flaw in MetInfo CMS that lets hackers run harmful code remotely.

Quick Summary

A critical vulnerability in MetInfo CMS could let attackers execute arbitrary PHP code. Versions 7.9, 8.0, and 8.1 are at risk. Stay alert for updates and potential fixes.

What Happened

A significant PHP code injection vulnerability has been discovered in MetInfo CMS, affecting versions 7.9, 8.0, and 8.1. The flaw lies within the weixinreply.class.php script, specifically in the wxAdminLogin() method. This vulnerability allows attackers to exploit the system by injecting malicious PHP code.

The Flaw

The issue arises from the improper sanitization of user input. Specifically, the parameters EventKey and FromUserName from HTTP requests are not adequately checked before being processed. This oversight allows attackers to use Path Traversal sequences to manipulate the cache::get() method, potentially leading to the inclusion of arbitrary PHP files.

What's at Risk

If exploited, this vulnerability could lead to unauthenticated Remote Code Execution (RCE). Attackers could execute arbitrary PHP code on the server, which poses a severe security risk. This is particularly concerning for organizations using MetInfo CMS in production environments, especially those that have the WeChat plugin installed.

Proof of Concept

A proof of concept is available, demonstrating how this vulnerability can be exploited. You can find it here.

Patch Status

Currently, there is no official solution or patch available from the MetInfo team. This lack of response from the vendor raises concerns about the urgency and seriousness of addressing the vulnerability.

Disclosure Timeline

  • 26/02/2026: Vendor contacted via multiple email addresses, no response.
  • 07/03/2026: Follow-up attempt, no response.
  • 28/03/2026: Another attempt to contact the vendor, still no reply.
  • 29/03/2026: Attempted to reach out through Weibo, no response.
  • 30/03/2026: CVE identifier requested.
  • 31/03/2026: CVE identifier assigned.
  • 01/04/2026: Public disclosure of the vulnerability.

What You Should Do

Organizations using affected versions of MetInfo CMS should:

  • Monitor for any unusual activity on their systems.
  • Consider disabling the WeChat plugin if it is not essential.
  • Stay updated on any announcements from MetInfo regarding a patch or mitigation strategies.

In summary, the MetInfo CMS PHP code injection vulnerability poses a high risk for users. Immediate attention and monitoring are advised until a fix is provided.

🔒 Pro insight: The lack of vendor response highlights a concerning trend in vulnerability management, emphasizing the need for proactive security measures.

Original article from

FDFull Disclosure
Read Full Article

Share

Related Pings

HIGHVulnerabilities

CVE-2026-33691 - OWASP CRS Whitespace Padding Bypass Alert

A new vulnerability in OWASP CRS allows attackers to upload dangerous files by exploiting whitespace in filenames. This affects many web applications, risking severe security breaches. Immediate updates are necessary to protect your systems.

Full Disclosure·
HIGHVulnerabilities

Local Privilege Escalation - Vulnerability in Vienna Assistant

A vulnerability in Vienna Assistant for MacOS allows attackers to escalate privileges and execute commands. Users are urged to contact the vendor for a fix. This flaw poses a high risk to system security.

Full Disclosure·
HIGHVulnerabilities

Broken Access Control - High Risk in Open WebUI Discovered

A serious vulnerability has been found in Open WebUI, allowing low-privileged users to access sensitive data. This flaw, CVE-2026-34222, poses a high risk. Users must update to the latest version to secure their systems.

Full Disclosure·
HIGHVulnerabilities

Cisco IMC Auth Bypass - Critical Vulnerability Patched

What Happened Cisco has released urgent patches for a critical vulnerability in its Integrated Management Controller (IMC), affecting many of its servers and appliances. This flaw allows unauthenticated remote attackers to gain admin access, enabling them to control servers even when the main operating system is shut down. The vulnerability is tracked as CVE-2026-20093 and arises from improper handling

CSO Online·
HIGHVulnerabilities

RosarioSIS 6.7.2 - Critical XSS Vulnerability Discovered

A critical XSS vulnerability has been found in RosarioSIS 6.7.2. This flaw could allow attackers to execute harmful scripts on users' browsers. Users are urged to monitor for updates and take precautions to safeguard their data.

Exploit-DB·
HIGHVulnerabilities

phpMyAdmin 5.0.0 - Critical SQL Injection Vulnerability

A critical SQL injection vulnerability has been found in phpMyAdmin 5.0.0. This puts databases at risk of unauthorized access and data manipulation. Immediate updates are necessary to protect sensitive information.

Exploit-DB·