CVE-2009-0372

Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
memhtmemht_portal
𝑥
≤ 4.0.1
memhtmemht_portal
1.0:final
memhtmemht_portal
1.5:full
memhtmemht_portal
1.5:update
memhtmemht_portal
2.0:full
memhtmemht_portal
2.0:update
memhtmemht_portal
2.5:full
memhtmemht_portal
2.5:update
memhtmemht_portal
2.9:full
memhtmemht_portal
2.9:update
memhtmemht_portal
3.0:full
memhtmemht_portal
3.0:update
memhtmemht_portal
3.1
memhtmemht_portal
3.1:full
memhtmemht_portal
3.1:update
memhtmemht_portal
3.2:update
memhtmemht_portal
3.3:full
memhtmemht_portal
3.3:update
memhtmemht_portal
3.4
memhtmemht_portal
3.4:full
memhtmemht_portal
3.4:update
memhtmemht_portal
3.4.5
memhtmemht_portal
3.4.5:full
memhtmemht_portal
3.4.5:update
memhtmemht_portal
3.5.0:full
memhtmemht_portal
3.6.0
memhtmemht_portal
3.6.5
memhtmemht_portal
3.7.0
memhtmemht_portal
3.7.5
memhtmemht_portal
3.8.0
memhtmemht_portal
3.8.1
memhtmemht_portal
3.8.5
memhtmemht_portal
3.9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/33626
http://www.securityfocus.com/bid/33424
https://exchange.xforce.ibmcloud.com/vulnerabilities/48199
https://www.exploit-db.com/exploits/7859
http://secunia.com/advisories/33626
http://www.securityfocus.com/bid/33424
https://exchange.xforce.ibmcloud.com/vulnerabilities/48199
https://www.exploit-db.com/exploits/7859