CVE-2019-17418
published 2019-10-10

Priority: P2 (61) · Severity: high · CVSS 3.1 base score: 7.2
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
Tags: EXPLOIT
EPSS: 49.30% (98.7th percentile)
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.

Affected (1 range)

Vendor   | Product | Version range | Fixed in
metinfo  | metinfo |               |

Detection & IOCs (extracted from sources)

url: /admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+98989*443131,1--+&site=admin
snort:
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-17418)"; flow:established,to_server; http.uri; content:"/admin/?"; content:"a=doSearchParameter"; fast_pattern; distance:0; content:"appno=0"; pcre:"/^[^&=]*(?:union|select|update|insert|delete)/Ri"; reference:url,nvd.nist.gov/vuln/detail/CVE-2019-17418; reference:cve,2019-17418; classtype:attempted-admin; sid:2035018; rev:1; metadata:attack_target Server, created_at 2022_01_31, cve CVE_2019_17418, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2022_01_31, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
  • The SQL injection payload targets the `appno` parameter of the URI `/admin/?n=language&c=language_general&a=doSearchParameter`. Look for `appno=0` followed by UNION/SELECT (the Snort rule also accepts UPDATE/INSERT/DELETE) in the HTTP URI. The rule's PCRE is relative to the `appno=0` match and stops at the next `&` or `=`, so a SQL keyword that appears only in a different parameter does not fire it.
  • The nuclei template confirms exploitation by matching the arithmetic result `43865094559` (98989 × 443131) in the body of a 200 response. Because the injected value is echoed back in the page, this is union-based rather than blind SQL injection.
  • Exploitation requires high-privilege (admin) credentials (PR:H). That removes the unauthenticated attack surface but not the risk from compromised admin accounts, so monitor admin-panel requests to `a=doSearchParameter` whose `appno` value contains SQL keywords.
  • This is a different SQL injection issue from CVE-2019-16997; both affect MetInfo 7.0 via the same endpoint but are distinct vulnerabilities.
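The detection logic above, as an added example that is not part of the cvebase page, the ET rule set, or the MetInfo project: a log-side re-implementation of the Snort rule's ordered content matches and relative PCRE, run over constructed access-log lines (combined log format, fabricated IPs and timestamps), plus the response-body check the nuclei template performs. The %xx-decoding step is an approximation of Snort's normalized `http.uri` buffer and is an assumption of this example, not something the page states.

```python
"""Added example (not from cvebase, Emerging Threats, or MetInfo): re-implement
the ET Snort rule's match logic for CVE-2019-17418 and run it over constructed
web-server access log lines."""
import re
from urllib.parse import unquote

# Keywords from the rule's PCRE, anchored at the byte right after "appno=0"
# and bounded by the next '&' or '=' (the R modifier makes it relative).
SQL_KW = re.compile(r"^[^&=]*(?:union|select|update|insert|delete)", re.IGNORECASE)

# The nuclei-style confirmation value: 98989 * 443131 as it would appear
# echoed in a vulnerable page's response body.
VERIFY_MARKER = str(98989 * 443131)  # "43865094559"

# Ordered content matches taken from the Snort rule.
CONTENT_CHAIN = ("/admin/?", "a=doSearchParameter", "appno=0")


def matches_rule(raw_uri: str) -> bool:
    """True when the request URI satisfies the rule's ordered content matches
    plus the relative PCRE on whatever follows the appno=0 value."""
    # Assumption: a single %xx decode approximates Snort's normalized http.uri.
    uri = unquote(raw_uri)
    pos = 0
    for needle in CONTENT_CHAIN:
        idx = uri.find(needle, pos)
        if idx < 0:
            return False
        pos = idx + len(needle)
    # Everything after "appno=0" is the subject of the relative PCRE.
    return SQL_KW.match(uri[pos:]) is not None


def exploit_confirmed(response_body: str) -> bool:
    """True when the injected arithmetic result was echoed back, i.e. the
    UNION SELECT actually ran (union-based, not blind: the value is visible)."""
    return VERIFY_MARKER in response_body


# Combined log format: ip ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def scan_access_log(lines):
    """Return [(client_ip, status, uri)] for each line whose URI matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, uri, status = m.groups()
        if matches_rule(uri):
            hits.append((ip, status, uri))
    return hits


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    # benign admin search: appno=0 is followed directly by '&', no keyword
    '203.0.113.5 - - [10/Oct/2019:10:00:00 +0000] "GET /admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0&site=admin HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # the published IOC URL
    '198.51.100.9 - - [10/Oct/2019:10:00:01 +0000] "GET /admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+98989*443131,1--+&site=admin HTTP/1.1" 200 2048 "-" "curl/7.64"',
    # same attack, percent-encoded and upper-case
    '198.51.100.9 - - [10/Oct/2019:10:00:02 +0000] "GET /admin/?n=language&c=language_general&a=doSearchParameter&appno=0%20UNION%20SELECT%201,2--%20&site=admin HTTP/1.1" 200 2048 "-" "curl/7.64"',
    # keyword present, but only in a different parameter: must not fire
    '203.0.113.5 - - [10/Oct/2019:10:00:03 +0000] "GET /admin/?n=language&c=language_general&a=doSearchParameter&appno=0&word=select HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, uri in scan_access_log(SAMPLE_LOG):
        print(f"ALERT {ip} status={status} uri={uri}")
```

Running the module on the constructed sample flags only the two lines from 198.51.100.9; the benign search and the request with `select` in the `word` parameter pass, which is the same boundary the rule's `[^&=]*` imposes. Pair the URI hit with `exploit_confirmed()` on the captured response to separate attempts from successful injections.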

CVSS provenance

NVD, CVSS v3.1: 7.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)