20.0% probability · 95.5th percentile — 2026-05-12
Affected versions
MetInfo CMS 7.9, 8.0, 8.1
Summary
This vulnerability allows unauthenticated remote attackers to inject and execute arbitrary PHP code on affected MetInfo CMS installations. The flaw occurs due to insufficient input validation and neutralization in request processing. Successful exploitation gives attackers full control over the web server hosting the CMS.
Remediation
Upgrade MetInfo CMS to the latest patched release from the official vendor. Restrict public access to your MetInfo instance until patching is completed. Deploy web application firewall rules to block malicious requests that attempt to exploit this code injection flaw.