CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use .. to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
Date published : 2017-07-20
http://blackwolfsec.cc/2017/07/20/Metinfo-directory-traversal-bypass/