5 matches found
CVE-2008-5132
CVE-2008-5132 is a SQL injection vulnerability in MemHT Portal 4.0.1, specifically in inc/ajax/ajax_rating.php. The issue allows remote attackers to execute arbitrary SQL commands by sending a crafted X-Forwarded-For HTTP header. The CVE entry notes impact as partial confidentiality/integrity/ava...
CVE-2010-5320
CVE-2010-5320 relates to MemHT Portal 4.0.1 and describes multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack administrator authentication for requests to admin.php affecting settings, articles, and users. The connected documents corroborate the same d...
CVE-2008-4457
MemHT Portal 3.9.0 and earlier are affected by a SQL injection vulnerability in inc/inc_statistics.php. The issue arises when magic_quotes_gpc is disabled, allowing remote attackers to inject SQL via the stats_res cookie to index.php. Connected documents confirm the affected product and the vulne...
CVE-2008-4164
CVE-2008-4164 affects MemHT Portal versions 3.9.0 and earlier. The issue is information disclosure via cron.php, where a direct request reveals the installation path in an error message. This is a remote vulnerability with network access and partial confidentiality impact as described. Exploit re...
CVE-2009-0372
The CVE-2009-0372 vulnerability affects Miltenovik Manojlo MemHT Portal (versions 4.0.1 and earlier). An authenticated remote user can upload a file with an executable extension using the editProfile action and then access the uploaded file from images/avatar/uploaded/ to execute arbitrary code. ...