Description
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
Exploits
References
cve@mitre.org
http://secunia.com/advisories/31751cve@mitre.org
http://securityreason.com/securityalert/4288cve@mitre.org
http://www.securityfocus.com/bid/31045cve@mitre.org
http://www.vupen.com/english/advisories/2008/2510cve@mitre.org
https://www.exploit-db.com/exploits/6393af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31751af854a3a-2127-422b-91ae-364da2661108
http://securityreason.com/securityalert/4288af854a3a-2127-422b-91ae-364da2661108
http://www.memht.com/news_95_Important-fix-for-all-MemHT-Versions.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/31045af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/2510af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/44930af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/6393