CVE-2009-0372
Miltenovik Manojlo MemHT Portal <4.0.1 - RCE
Title source: llmDescription
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.
Exploits (1)
Scores
EPSS
0.0350
EPSS Percentile
87.6%
Details
CWE
CWE-20
Status
published
Products (21)
memht/memht_portal
1.0 final
memht/memht_portal
1.5 full (2 CPE variants)
memht/memht_portal
2.0 full (2 CPE variants)
memht/memht_portal
2.5 full (2 CPE variants)
memht/memht_portal
2.9 full (2 CPE variants)
memht/memht_portal
3.0 full (2 CPE variants)
memht/memht_portal
3.1 (3 CPE variants)
memht/memht_portal
3.2 update
memht/memht_portal
3.3 full (2 CPE variants)
memht/memht_portal
3.4 (3 CPE variants)
... and 11 more
Published
Jan 30, 2009
Tracked Since
Feb 18, 2026