CVE-2008-4164
MemHT Portal <= 3.9.0 - Exposure of Sensitive Information via Direct Request to cron.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-4164. PoCs published by Ams.
AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in MemHT Portal <= 3.9.0 via the `stats_res` cookie parameter. It attempts to write a PHP shell to the server's filesystem, leveraging MySQL's `INTO OUTFILE` feature.
Description
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ams · perlwebappsphp
https://www.exploit-db.com/exploits/6393
This exploit targets a SQL injection vulnerability in MemHT Portal <= 3.9.0 via the `stats_res` cookie parameter. It attempts to write a PHP shell to the server's filesystem, leveraging MySQL's `INTO OUTFILE` feature.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
MemHT Portal <= 3.9.0
No auth needed
Prerequisites:
magic_quotes_gpc = off · MySQL file write permissions · knowledge of server path
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45413
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6393
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4288
Scores
EPSS
0.0224
EPSS Percentile
80.5%
Details
CWE
CWE-200
Status
published
Products (6)
memht/memht_portal
3.1
memht/memht_portal
3.4
memht/memht_portal
3.4.5
memht/memht_portal
3.6.0
memht/memht_portal
3.8.5
memht/memht_portal
< 3.9.0
Published
Sep 22, 2008
Tracked Since
Feb 18, 2026