CVE-2009-0372

Name of the Vulnerable Software and Affected Versions Miltenovik Manojlo MemHT Portal versions 4.0.1 and earlier

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.

Recommendations For versions 4.0.1 and earlier, as a temporary workaround, consider restricting access to the editProfile action in index.php to prevent uploading files with executable extensions. Additionally, restrict direct requests to files in the images/avatar/uploaded/ directory to minimize the risk of exploitation.