3 matches found
CVE-2007-6657
Affected product: Mihalism Multi Forum Host 3.0.x and earlier. The vulnerability is a PHP remote file inclusion in load_forum.php triggered by a URL in the mfh_root_path parameter, allowing remote code execution. The CVSS-based assessment in the linked NVD entry indicates a HIGH base score (7.5) ...
CVE-2007-6653
The CVE-2007-6653 entry describes a Directory traversal vulnerability in Mihalism Multi Host 2.0.7, affecting the download.php script. The vulnerability allows remote attackers to read arbitrary files by manipulating the file parameter with a .. (dot dot) sequence. Documented impact is read acces...
CVE-2008-0714
CVE-2008-0714 affects Mihalism Multi Host via the vulnerable file users.php in the lost_password_go flow, where the username parameter is susceptible to SQL injection . The underlying issue is improper input handling, enabling remote attackers to execute arbitrary SQL commands. Public references ...