MidnightBSD

Advisories for portfoliocms_project

CVE-2018-12110 MEDIUM

portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
portfoliocms_project portfoliocms 1.0.5
CVE-2018-12263 MEDIUM

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
portfoliocms_project portfoliocms 1.0.5
CVE-2018-15848 MEDIUM

An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
portfoliocms_project portfoliocms 1.0.5
CVE-2018-15849 MEDIUM

An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
portfoliocms_project portfoliocms 1.0.5
CVE-2020-20402

Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.

Products Affected

Vendor Product Version
portfoliocms_project portfoliocms 1.0.5
CVE-2021-36532

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.

Products Affected

Vendor Product Version
portfoliocms_project portfoliocms 1.0.0