Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
memht memht portal 3.4.5 |
||
memht memht portal 1.5 |
||
memht memht portal 2.5 |
||
memht memht portal 3.4 |
||
memht memht portal 3.0 |
||
memht memht portal 3.8.5 |
||
memht memht portal 3.3 |
||
memht memht portal 3.8.1 |
||
memht memht portal 3.8.0 |
||
memht memht portal 2.9 |
||
memht memht portal 3.1 |
||
memht memht portal 3.6.0 |
||
memht memht portal |
||
memht memht portal 1.0 |
||
memht memht portal 3.7.5 |
||
memht memht portal 3.7.0 |
||
memht memht portal 3.6.5 |
||
memht memht portal 3.5.0 |
||
memht memht portal 2.0 |
||
memht memht portal 3.2 |
||
memht memht portal 3.9.0 |
Vulmon