← Back

Memht Portal

memht_portal

Vendor: Memht • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2010-5320
1Memht
1Memht Portal
May 6, 2026
Jan 3, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to a...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php.Show less
CVE-2009-0372
1Memht
1Memht Portal
Apr 23, 2026
Jan 30, 2009
N/A· v4
N/A· v3
6.5 MEDIUM· v2
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an...Show more
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.Show less
CVE-2008-5132
1Memht
1Memht Portal
Apr 23, 2026
Nov 18, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
CVE-2008-4457
1Memht
1Memht Portal
Apr 23, 2026
Oct 7, 2008
N/A· v4
N/A· v3
6.8 MEDIUM· v2
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
CVE-2008-4164
1Memht
1Memht Portal
Apr 23, 2026
Sep 22, 2008
N/A· v4
N/A· v3
2.6 LOW· v2
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.