## https://sploitus.com/exploit?id=SAINT:2CE87A36E204A88A9EC5E47224B3DE70
Added: 05/07/2026
### Background
MetInfo is an open-source content management system (CMS) written in PHP and MySQL developed in China.
### Problem
A vulnerability in the `**weixinreply**` class allows remote attackers to execute arbitrary commands by sending an API request with specially crafted `**EventKey**` and `**FromUserName**` XML tags.
### Resolution
Apply the patch.
### References
https://karmainsecurity.com/KIS-2026-06