ProductNews
New Features

A Plug-in to Detect the SQL Injection Vulnerability in the MetInfo Frontend Is Available

Oct 17 2018

On October 16, 2018, Alibaba Cloud Security Emergency Response Center detected that a security researcher disclosed a SQL injection vulnerability in the frontend of MetInfo 6.1.2 (the latest version).
Content

Target customers: users who run websites based on MetInfo and Mituo. Features released: On October 16, 2018, Alibaba Cloud Security Emergency Response Center detected that a security researcher disclosed a SQL injection vulnerability in the frontend of MetInfo 6.1.2 (the latest version). Attackers can create malicious SQL statements to exploit this vulnerability and obtain sensitive information and permissions on the website database. Vulnerability description: The id parameter is not filtered in the metinfo6.1.2/app/system/message/web/message.class.php file, resulting in an SQL injection vulnerability. Vulnerability severity: critical (CNVD-2018-20024) Impact scope: MetInfo 6.1.2.

Previous

Fixed the problem that scaling out fails after a user manually deletes ECS instances running as Kubernetes (k8s) nodes.

Next

Support for Filtering Charts in the Dashboard Module

7th Gen ECS Is Now Available

Increase instance computing power by up to 40% and Fully equipped with TPM chips.
Powered by Third-generation Intel® Xeon® Scalable processors (Ice Lake).

Start Now

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More