Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0372

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2009-0372
Last Modified 02 Feb 2009 12:00:00
Published 30 Jan 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0372

Summary

Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.

Vulnerable Systems

Application

  • Memht Portal 1.0

  • Memht Portal 1.5

  • Memht Portal 2.0

  • Memht Portal 2.5

  • Memht Portal 2.9

  • Memht Portal 3.0

  • Memht Portal 3.1

  • Memht Portal 3.2

  • Memht Portal 3.3

  • Memht Portal 3.4

  • Memht Portal 3.4.5

  • Memht Portal 3.5.0

  • Memht Portal 3.6.0

  • Memht Portal 3.6.5

  • Memht Portal 3.7.0

  • Memht Portal 3.7.5

  • Memht Portal 3.8.0

  • Memht Portal 3.8.1

  • Memht Portal 3.8.5

  • Memht Portal 3.9.0

  • Memht Portal 4.0.1


References

BID - 33424

XF - memht-avatar-file-upload(48199)

MILW0RM - 7859

SECUNIA - 33626


Last Updated: 27 May 2016 10:50:14