cbcvebase.

Memht Portal vulnerabilities

5 known vulnerabilities affecting memht/memht_portal.

Total CVEs
5
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2008-5132P3HIGHCVSS 7.5PoCv4.0.12008-11-18
CVE-2008-5132 [HIGH] CWE-89 CVE-2008-5132: SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attacker SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
nvd
CVE-2009-0372P3MEDIUMCVSS 6.5PoC≤ 4.0.1v1.0+19 more2009-01-30
CVE-2009-0372 [MEDIUM] CWE-20 CVE-2009-0372: Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and ear Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploade
nvd
CVE-2008-4457P3MEDIUMCVSS 6.8PoC≤ 3.9.0v1.0+18 more2008-10-07
CVE-2008-4457 [MEDIUM] CWE-89 CVE-2008-4457: SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_ SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
nvd
CVE-2010-5320P4MEDIUMCVSS 6.8v4.0.12015-01-03
CVE-2010-5320 [MEDIUM] CWE-352 CVE-2010-5320: Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attack Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php.
nvd
CVE-2008-4164P4LOWCVSS 2.6PoC≤ 3.9.0v3.1+4 more2008-09-22
CVE-2008-4164 [LOW] CWE-200 CVE-2008-4164: cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information v cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
nvd
Memht Portal vulnerabilities | cvebase