Mihalism : Security Vulnerabilities, CVEs,
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
Max CVSS
6.8
EPSS Score
0.15%
Published
2008-02-12
Updated
2017-09-29
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter.
Max CVSS
7.5
EPSS Score
2.73%
Published
2008-01-04
Updated
2017-09-29
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS
5.0
EPSS Score
1.79%
Published
2008-01-04
Updated
2017-09-29
3 vulnerabilities found