top of page
perceptive_background_267k.jpg

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sen…

Published:

31 March 2026 at 22:00:00

Alert date:

1 April 2026 at 17:02:06

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability. Remote attackers can execute arbitrary code by sending crafted requests with malicious PHP code. The vulnerability stems from insufficient input neutralization in the execution path. Successful exploitation allows attackers to achieve remote code execution and gain full control over the affected server. This is a critical vulnerability affecting multiple versions of the popular MetInfo CMS platform.

Technical details

Mitigation steps:

Affected products:

MetInfo CMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-29014
https://karmainsecurity.com/KIS-2026-06
https://www.metinfo.cn/
https://www.vulncheck.com/advisories/metinfo-cms-unauthenticated-php-code-injection-rce

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page