CVE-2008-4457

Memht Portal < 3.9.0 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ams · perlwebappsphp

https://www.exploit-db.com/exploits/6393

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44930

[Vendor Advisory] http://secunia.com/advisories/31751

[Patch] http://www.securityfocus.com/bid/31045

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2510

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6393

[Third Party Advisory] http://securityreason.com/securityalert/4288

[Patch] http://www.memht.com/news_95_Important-fix-for-all-MemHT-Versions.html

Scores

EPSS 0.0138

EPSS Percentile 80.3%

Details

CWE

CWE-89

Status published

Products (20)

memht/memht_portal 1.0 final

memht/memht_portal 1.5 full (2 CPE variants)

memht/memht_portal 2.0 full (2 CPE variants)

memht/memht_portal 2.5 full (2 CPE variants)

memht/memht_portal 2.9 full (2 CPE variants)

memht/memht_portal 3.0 full (2 CPE variants)

memht/memht_portal 3.1 full (2 CPE variants)

memht/memht_portal 3.2 update

memht/memht_portal 3.3 full (2 CPE variants)

memht/memht_portal 3.4 full (2 CPE variants)

... and 10 more

Published Oct 07, 2008

Tracked Since Feb 18, 2026