CVE-2008-4164

Memht Portal < 3.9.0 - Information Disclosure

Title source: rule

Description

cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ams · perlwebappsphp

https://www.exploit-db.com/exploits/6393

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45413

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6393

[Third Party Advisory] http://securityreason.com/securityalert/4288

Scores

EPSS 0.0509

EPSS Percentile 89.8%

Details

CWE

CWE-200

Status published

Products (6)

memht/memht_portal 3.1

memht/memht_portal 3.4

memht/memht_portal 3.4.5

memht/memht_portal 3.6.0

memht/memht_portal 3.8.5

memht/memht_portal < 3.9.0

Published Sep 22, 2008

Tracked Since Feb 18, 2026