CVE-2019-16997
Published 2019-09-30
Priority: P2 · 60 · high · 7.2 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 49.40% (98.7th percentile)
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| metinfo | metinfo | — | — |
Detection & IOCs (extracted from sources)
url: /admin/?n=language&c=language_general&a=doExportPack
path: app/system/language/admin/language_general.class.php
command: appno= 1 union SELECT 98989*443131,1&editor=cn&site=web
snort:
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-16997)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/admin/?"; content:"a=doExportPack"; fast_pattern; distance:0; http.request_body; content:"appno="; startswith; pcre:"/^[^&=]*(?:union|select|update|insert|delete)/Ri"; reference:url,y4er.com/post/metinfo7-sql-tips/#sql-injection-2; reference:cve,2019-16997; classtype:attempted-admin; sid:2035019; rev:1; metadata:attack_target Server, created_at 2022_01_31, cve CVE_2019_16997, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2022_01_31, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
- Exploit targets HTTP POST to /admin/?n=language&c=language_general&a=doExportPack with a UNION-based SQL injection payload in the 'appno' POST body parameter. The body starts with 'appno=' and contains SQL keywords (union, select, etc.).
- The arithmetic canary value 98989*443131=43865094559 is used to confirm blind/UNION SQL injection execution. Presence of '43865094559' in the HTTP response body confirms successful exploitation.
- The vulnerable endpoint is exclusively accessed via HTTP POST method. Detections should filter on POST requests to the doExportPack action.
- The Emerging Threats rule SID 2035019 (rev:1) covers this CVE with Medium confidence and Major severity, classified as attempted-admin, mapped to MITRE T1190 (Exploit Public-Facing Application).
- CVE-2019-16997 affects only MetInfo 7.0.0 beta. The vulnerable parameter is 'appno' in the doExportPack action, which is distinct from the similarly structured CVE-2019-17418 (doSearchParameter action, GET method). Ensure detections differentiate between the two actions to avoid false positives.
- Exploitation requires high privileges (PR:H per CVSS), meaning the attacker must be authenticated as an admin. Detection rules should account for authenticated sessions when triaging alerts.
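The detection notes above, as an added Python example (not part of the original page or of the Emerging Threats rule): it classifies a request by action and method so the two CVEs are not confused, and checks a response for the canary product. It is looser than the rule in that it accepts `appno` anywhere in the body and percent-decodes it; reading `appno` from the query string for the GET case is an assumption, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Same keyword set as the pcre in SID 2035019.
SQL_KEYWORDS = re.compile(r"union|select|update|insert|delete", re.I)
# Product of the arithmetic canary 98989*443131 quoted in the notes above.
CANARY = str(98989 * 443131)

# action -> (CVE id, required HTTP method, where appno is read from)
ACTIONS = {
    "doExportPack": ("CVE-2019-16997", "POST", "body"),
    # Assumption: for the GET-based issue, appno travels in the query string.
    "doSearchParameter": ("CVE-2019-17418", "GET", "query"),
}

def classify(method, uri, body=""):
    """Return the CVE id a request matches, or None."""
    parts = urlsplit(uri)
    if not parts.path.endswith("/admin/"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    rule = ACTIONS.get(query.get("a", [""])[0])
    if rule is None or method.upper() != rule[1]:
        return None
    params = query if rule[2] == "query" else parse_qs(body, keep_blank_values=True)
    # parse_qs percent-decodes, so "%55nion" or "1+union" are still seen.
    if any(SQL_KEYWORDS.search(v) for v in params.get("appno", [])):
        return rule[0]
    return None

def response_confirms(response_body):
    """True when the canary product is echoed back, i.e. the query executed."""
    return CANARY in response_body

# Constructed sample traffic (not captured from a real host).
SAMPLES = [
    ("POST", "/admin/?n=language&c=language_general&a=doExportPack",
     "appno= 1 union SELECT 98989*443131,1&editor=cn&site=web"),
    ("POST", "/admin/?n=language&c=language_general&a=doExportPack",
     "appno=3&editor=cn&site=web"),
    ("GET", "/admin/?n=language&c=language_general&a=doSearchParameter"
            "&appno=1%20union%20select%201", ""),
    ("GET", "/admin/?n=language&c=language_general&a=doExportPack", ""),
]

def run():
    return [classify(m, u, b) for m, u, b in SAMPLES]

if __name__ == "__main__":
    print(run())
```

Because exploitation requires an admin session, a hit from `classify` is best triaged together with the session that issued the request.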
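CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |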
GHSA
GHSA-v78c-5xvv-3875: An issue was discovered in MetInfo 7
ghsa_unreviewed · 2022-05-24 · CVSS 7.2 · CVE-2019-17418 [HIGH]
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
GHSA
GHSA-j7gm-qcgq-j3v8: In Metinfo 7
ghsa_unreviewed · 2022-05-24 · CVE-2019-16997 [HIGH] · CWE-89
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
Suricata
ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-16997)
suricata · 2022-01-31 · CVSS 7.2 · CVE-2019-16997 [HIGH]
Nuclei
MetInfo 7.0.0 beta - SQL Injection
nuclei · CVSS 7.2 · CVE-2019-17418 [HIGH]
MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).
Template:
```yaml
id: CVE-2019-17418

info:
  name: MetInfo 7.0.0 beta - SQL Injection
  author: ritikchaddha
  severity: high
  description: |
    MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Upgrade to a patched version of MetInfo or apply the necessary security patches
```
Nuclei
Metinfo 7.0.0 beta - SQL Injection
nuclei · CVSS 7.2 · CVE-2019-16997 [HIGH]
Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
Template:
```yaml
id: CVE-2019-16997

info:
  name: Metinfo 7.0.0 beta - SQL Injection
  author: ritikchaddha
  severity: high
  description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Upgrade to a patched version of Metinfo or apply the necess
```