CVE-2009-0372

Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.

Published: Jan 30, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0372
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
memht / memht_portal	3.1-update	3.1-update.x
memht / memht_portal	3.0-update	3.0-update.x
memht / memht_portal	-	4.0.1.x
memht / memht_portal	2.9-full	2.9-full.x
memht / memht_portal	1.0-final	1.0-final.x
memht / memht_portal	3.1	3.1.x
memht / memht_portal	3.8.0	3.8.0.x
memht / memht_portal	1.5-full	1.5-full.x
memht / memht_portal	1.5-update	1.5-update.x
memht / memht_portal	2.5-update	2.5-update.x
memht / memht_portal	3.2-update	3.2-update.x
memht / memht_portal	2.0-update	2.0-update.x
memht / memht_portal	3.4-full	3.4-full.x
memht / memht_portal	3.4.5-full	3.4.5-full.x
memht / memht_portal	3.3-full	3.3-full.x
memht / memht_portal	2.0-full	2.0-full.x
memht / memht_portal	3.9.0	3.9.0.x
memht / memht_portal	3.7.5	3.7.5.x
memht / memht_portal	3.6.5	3.6.5.x
memht / memht_portal	3.6.0	3.6.0.x
memht / memht_portal	3.3-update	3.3-update.x
memht / memht_portal	3.7.0	3.7.0.x
memht / memht_portal	2.5-full	2.5-full.x
memht / memht_portal	3.8.1	3.8.1.x
memht / memht_portal	3.0-full	3.0-full.x
memht / memht_portal	3.1-full	3.1-full.x
memht / memht_portal	3.5.0-full	3.5.0-full.x
memht / memht_portal	3.8.5	3.8.5.x
memht / memht_portal	3.4.5-update	3.4.5-update.x
memht / memht_portal	3.4	3.4.x
memht / memht_portal	3.4.5	3.4.5.x
memht / memht_portal	3.4-update	3.4-update.x
memht / memht_portal	2.9-update	2.9-update.x

Vulnerability Database

290,020

CVE-2009-0372