CVE-2008-4457

Description

SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.

Software From Fixed in
memht / memht_portal - 3.9.0.x
memht / memht_portal 1.0-final 1.0-final.x
memht / memht_portal 1.5-full 1.5-full.x
memht / memht_portal 1.5-update 1.5-update.x
memht / memht_portal 2.0-full 2.0-full.x
memht / memht_portal 2.0-update 2.0-update.x
memht / memht_portal 2.5-full 2.5-full.x
memht / memht_portal 2.5-update 2.5-update.x
memht / memht_portal 2.9-full 2.9-full.x
memht / memht_portal 2.9-update 2.9-update.x
memht / memht_portal 3.0-full 3.0-full.x
memht / memht_portal 3.0-update 3.0-update.x
memht / memht_portal 3.1-full 3.1-full.x
memht / memht_portal 3.1-update 3.1-update.x
memht / memht_portal 3.2-update 3.2-update.x
memht / memht_portal 3.3-full 3.3-full.x
memht / memht_portal 3.3-update 3.3-update.x
memht / memht_portal 3.4-full 3.4-full.x
memht / memht_portal 3.4-update 3.4-update.x
memht / memht_portal 3.4.5-full 3.4.5-full.x
memht / memht_portal 3.4.5-update 3.4.5-update.x
memht / memht_portal 3.5.0-full 3.5.0-full.x
memht / memht_portal 3.6.0 3.6.0.x
memht / memht_portal 3.6.5 3.6.5.x
memht / memht_portal 3.7.0 3.7.0.x
memht / memht_portal 3.7.5 3.7.5.x
memht / memht_portal 3.8.0 3.8.0.x
memht / memht_portal 3.8.1 3.8.1.x
memht / memht_portal 3.8.5 3.8.5.x