Share
## https://sploitus.com/exploit?id=SAINT:10209D2A1756F9062F0F4626A21231FC
Added: 05/07/2026  


### Background

MetInfo is an open-source content management system (CMS) written in PHP and MySQL developed in China. 

### Problem

A vulnerability in the `**weixinreply**` class allows remote attackers to execute arbitrary commands by sending an API request with specially crafted `**EventKey**` and `**FromUserName**` XML tags. 

### Resolution

Apply the patch. 

### References

https://karmainsecurity.com/KIS-2026-06