MemHT Portal is a Free PHP CMS and Blog
It permits the creation and online management of websites in a few easy steps.
It's completely customizable, expandable and suitable for all needs.
Small fix for MemHT Portal 4.0.1
Date 29/11/2009 18:44  Author mem  Hits 4156  Language Global
The user goffi reported to me a small unfiltered server variable that might be used to inject malicious code.

To fix it, open the file inc/inc_getinfo.php

Find, around line 49:
$visitorInfo['referer'] = (!eregi($_SERVER['HTTP_HOST'],$_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : "" ;


Replace it with
$visitorInfo['referer'] = (!eregi($_SERVER['HTTP_HOST'],$_SERVER['HTTP_REFERER'])) ? mysql_real_escape_string($_SERVER['HTTP_REFERER']) : "" ;


Alternatively, you can download the fixed file HERE

The downloadable MemHT 4.0.1 version has already been fixed.
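
The same fix on current PHP, where `eregi` and `mysql_real_escape_string` no longer exist, as an added example that is not MemHT code. It assumes the referer ends up in a SQL INSERT (as the escaping in the fix suggests); the `visits` table and both function names are hypothetical.

```php
<?php
// Added example, not MemHT code; table and function names are hypothetical.
// Return the external referer, or "" when it is absent, same-site or malformed.
function external_referer(array $server, int $maxLen = 512): string
{
    $referer = $server['HTTP_REFERER'] ?? '';
    $host = strtolower(preg_replace('/:\d+$/', '', $server['HTTP_HOST'] ?? ''));
    if ($referer === '' || strlen($referer) > $maxLen) {
        return '';
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $referer)) {
        return ''; // control characters never belong in a stored URL
    }
    $parts = parse_url($referer);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return '';
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    // Compare the parsed host instead of using the Host header as a regex.
    return strtolower($parts['host']) === $host ? '' : $referer;
}
function log_referer(PDO $db, string $referer): void
{
    // Bound parameter: the header value never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO visits (referer) VALUES (:referer)');
    $stmt->execute([':referer' => $referer]);
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, referer TEXT)');
$samples = [ // constructed request headers
    ['HTTP_HOST' => 'example.org', 'HTTP_REFERER' => "http://other.example/?q=it's"],
    ['HTTP_HOST' => 'example.org', 'HTTP_REFERER' => 'http://example.org/index.php'],
    ['HTTP_HOST' => 'example.org', 'HTTP_REFERER' => "not a url' --"],
];
foreach ($samples as $server) {
    $ref = external_referer($server);
    if ($ref !== '') {
        log_referer($db, $ref);
    }
}
foreach ($db->query('SELECT referer FROM visits') as $row) {
    // Encode on output too: the stored value is still visitor-supplied.
    echo htmlspecialchars($row['referer'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Only the first constructed referer is stored; the quote in it is kept as data by the bound parameter and printed as `&#039;` when displayed.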
eholten
Patched. Thank you
29 Nov
jareQ
Hello.
Why does the Administrator (mem) confirm new registrations on memht.com?
30 Nov
mem
@ jareQ

Personal choice
30 Nov
jareQ
Thanks mem :)
01 Dec
alle
goffi is a friend of mine and found this vulnerability having a look at logs after a defacement of my website!
Thank you so much goffi!
01 Dec
MemHT Portal is a free software released under the GNU/GPL License by Miltenovik Manojlo