Share
## https://sploitus.com/exploit?id=SAINT:2CE87A36E204A88A9EC5E47224B3DE70
Added: 05/07/2026  


### Background

MetInfo is an open-source content management system (CMS) written in PHP and MySQL developed in China. 

### Problem

A vulnerability in the `**weixinreply**` class allows remote attackers to execute arbitrary commands by sending an API request with specially crafted `**EventKey**` and `**FromUserName**` XML tags. 

### Resolution

Apply the patch. 

### References

https://karmainsecurity.com/KIS-2026-06