CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. |
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. |
1Portfoliocms Project 1Portfoliocms Nov 21, 2024 Aug 25, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. |
1Portfoliocms Project 1Portfoliocms Nov 21, 2024 Aug 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. |
1Portfoliocms Project 1Portfoliocms Nov 21, 2024 Jun 13, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. |
1Portfoliocms Project 1Portfoliocms Nov 21, 2024 Jun 11, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. |