CVE-2020-19305

9.8 CRITICAL

📋 TL;DR

This vulnerability in Metinfo CMS allows attackers to escalate privileges by exploiting improper path handling when deleting columns. Attackers can delete the indeximg parameter, potentially gaining administrative access. All Metinfo v7.0.0 installations are affected.

💻 Affected Systems

Products:
  • Metinfo CMS
Versions: v7.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the admin interface, but exploitation can lead to privilege escalation from lower privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with administrative access, allowing data theft, defacement, or installation of backdoors.
🟠 Likely Case: Unauthorized administrative access leading to content manipulation, user data exposure, or further exploitation.
🟢 If Mitigated: Limited impact with proper access controls and monitoring, potentially only affecting non-critical functions.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal systems could be exploited by authenticated users or through lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access but is straightforward once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v7.0.1 or later

Vendor Advisory: https://www.metinfo.cn/

Restart Required: No

Instructions:

1. Back up your Metinfo installation and database.
2. Download the latest version from the official Metinfo website.
3. Replace the vulnerable file /app/system/column/admin/index.class.php with the patched version.
4. Verify the fix by checking that the indeximg parameter handling is properly validated.

🔧 Temporary Workarounds

Restrict Admin Access

Platform: all

Limit access to the admin interface using IP whitelisting or network segmentation.

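# Example: Apache .htaccess (Apache 2.2 syntax; on Apache 2.4 it requires mod_access_compat)
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
# Apache 2.4 equivalent: Require ip 192.168.1.0/24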

File Permission Hardening

Platform: Linux

Set strict permissions on the vulnerable file to prevent unauthorized modifications.

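# The file path is relative to the Metinfo install root; /path/to/metinfo is a placeholder.
chmod 644 /path/to/metinfo/app/system/column/admin/index.class.php
chown root:www-data /path/to/metinfo/app/system/column/admin/index.class.php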

🧯 If You Can't Patch

  • Implement strict access controls and monitor admin interface activity for suspicious behavior.
  • Deploy a web application firewall (WAF) with rules to detect and block privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check if your Metinfo version is 7.0.0 by reviewing the version file or admin panel.

Check Version:

grep -r 'version' /path/to/metinfo/

Alternatively, check the admin panel → System → Basic Information.

Verify Fix Applied:

Verify the file /app/system/column/admin/index.class.php has been updated to a version that includes proper input validation for the indeximg parameter.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login attempts
  • Multiple failed column deletion requests
  • Unexpected modifications to indeximg parameter

Network Indicators:

  • HTTP POST requests to /app/system/column/admin/index.class.php with suspicious parameters

SIEM Query:

source="web_logs" AND uri="/app/system/column/admin/index.class.php" AND (method="POST" OR params="indeximg")
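
The SIEM query above as a log filter, added here as an example (not part of the original advisory or of Metinfo's code). It applies the same path, method and parameter test to combined-format access logs and also counts failed requests per client, matching the "multiple failed column deletion requests" indicator. The log format, the failure threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Path taken from the page's network indicator and SIEM query.
TARGET_PATH = "/app/system/column/admin/index.class.php"

# Apache/nginx "combined" access log layout (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def match_line(line):
    """Return a dict for lines matching the page's SIEM query, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != TARGET_PATH:
        return None
    # Access logs record only the query string, so an indeximg value sent in
    # a POST body is invisible here; the POST clause covers that case.
    has_param = "indeximg" in parse_qs(url.query, keep_blank_values=True)
    if m["method"] != "POST" and not has_param:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "status": int(m["status"]), "indeximg": has_param}

def summarize(lines, fail_threshold=2):
    """Group hits per client; flag repeated failures or any indeximg use."""
    per_ip = defaultdict(lambda: {"hits": 0, "failed": 0, "indeximg": 0})
    for line in lines:
        hit = match_line(line)
        if hit:
            s = per_ip[hit["ip"]]
            s["hits"] += 1
            s["failed"] += hit["status"] >= 400   # 4xx/5xx counts as failed
            s["indeximg"] += hit["indeximg"]
    return {ip: dict(s, flagged=s["failed"] >= fail_threshold or s["indeximg"] > 0)
            for ip, s in per_ip.items()}

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /app/system/column/admin/index.class.php HTTP/1.1" 403 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /app/system/column/admin/index.class.php HTTP/1.1" 403 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Mar/2024:10:02:00 +0000] "GET /app/system/column/admin/index.class.php?indeximg=x HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2024:10:04:00 +0000] "POST /app/system/column/admin/index.class.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]
```

A single successful POST from an admin workstation is reported but not flagged, so the output can be reviewed against the list of known administrator addresses.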
