SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
Software | From | Fixed in |
---|---|---|
memht / memht_portal | - | 3.9.0.x |
memht / memht_portal | 1.0-final | 1.0-final.x |
memht / memht_portal | 1.5-full | 1.5-full.x |
memht / memht_portal | 1.5-update | 1.5-update.x |
memht / memht_portal | 2.0-full | 2.0-full.x |
memht / memht_portal | 2.0-update | 2.0-update.x |
memht / memht_portal | 2.5-full | 2.5-full.x |
memht / memht_portal | 2.5-update | 2.5-update.x |
memht / memht_portal | 2.9-full | 2.9-full.x |
memht / memht_portal | 2.9-update | 2.9-update.x |
memht / memht_portal | 3.0-full | 3.0-full.x |
memht / memht_portal | 3.0-update | 3.0-update.x |
memht / memht_portal | 3.1-full | 3.1-full.x |
memht / memht_portal | 3.1-update | 3.1-update.x |
memht / memht_portal | 3.2-update | 3.2-update.x |
memht / memht_portal | 3.3-full | 3.3-full.x |
memht / memht_portal | 3.3-update | 3.3-update.x |
memht / memht_portal | 3.4-full | 3.4-full.x |
memht / memht_portal | 3.4-update | 3.4-update.x |
memht / memht_portal | 3.4.5-full | 3.4.5-full.x |
memht / memht_portal | 3.4.5-update | 3.4.5-update.x |
memht / memht_portal | 3.5.0-full | 3.5.0-full.x |
memht / memht_portal | 3.6.0 | 3.6.0.x |
memht / memht_portal | 3.6.5 | 3.6.5.x |
memht / memht_portal | 3.7.0 | 3.7.0.x |
memht / memht_portal | 3.7.5 | 3.7.5.x |
memht / memht_portal | 3.8.0 | 3.8.0.x |
memht / memht_portal | 3.8.1 | 3.8.1.x |
memht / memht_portal | 3.8.5 | 3.8.5.x |