## https://sploitus.com/exploit?id=SAINT:10209D2A1756F9062F0F4626A21231FC
Added: 05/07/2026
### Background
MetInfo is an open-source content management system (CMS) written in PHP and MySQL developed in China.
### Problem
A vulnerability in the `**weixinreply**` class allows remote attackers to execute arbitrary commands by sending an API request with specially crafted `**EventKey**` and `**FromUserName**` XML tags.
### Resolution
Apply the patch.
### References
https://karmainsecurity.com/KIS-2026-06