Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4457

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-4457
Last Modified 07 Mar 2011 10:12:29
Published 06 Oct 2008 08:31:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4457

Summary

SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.

Vulnerable Systems

Application

  • Memht Portal 1.0

  • Memht Portal 1.5

  • Memht Portal 2.0

  • Memht Portal 2.5

  • Memht Portal 2.9

  • Memht Portal 3.0

  • Memht Portal 3.1

  • Memht Portal 3.2

  • Memht Portal 3.3

  • Memht Portal 3.4

  • Memht Portal 3.4.5

  • Memht Portal 3.5.0

  • Memht Portal 3.6.0

  • Memht Portal 3.6.5

  • Memht Portal 3.7.0

  • Memht Portal 3.7.5

  • Memht Portal 3.8.0

  • Memht Portal 3.8.1

  • Memht Portal 3.8.5

  • Memht Portal 3.9.0


References

BID - 31045

CONFIRM - http://www.memht.com/news_95_Important-fix-for-all-MemHT-Versions.html

XF - memhtportal-incstatistics-sql-injection(44930)

VUPEN - ADV-2008-2510

MILW0RM - 6393

SREASON - 4288

SECUNIA - 31751


Last Updated: 27 May 2016 10:48:30