Unpatched MetInfo CMS sites face a wave of remote code execution attacks as cybercriminals exploit a critical vulnerability.