portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portfoliocms_project | portfoliocms | 1.0.5 |
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portfoliocms_project | portfoliocms | 1.0.5 |
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portfoliocms_project | portfoliocms | 1.0.5 |
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portfoliocms_project | portfoliocms | 1.0.5 |
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portfoliocms_project | portfoliocms | 1.0.5 |
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| portfoliocms_project | portfoliocms | 1.0.0 |