Vulnerabilities (CVE)

Filtered by vendor Portfoliocms Project Subscribe
Filtered by product Portfoliocms
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36532 1 Portfoliocms Project 1 Portfoliocms 2024-11-21 N/A 8.1 HIGH
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.
CVE-2020-20402 1 Portfoliocms Project 1 Portfoliocms 2024-11-21 N/A 7.5 HIGH
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
CVE-2018-15849 1 Portfoliocms Project 1 Portfoliocms 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.
CVE-2018-15848 1 Portfoliocms Project 1 Portfoliocms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
CVE-2018-12263 1 Portfoliocms Project 1 Portfoliocms 2024-11-21 6.5 MEDIUM 8.8 HIGH
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
CVE-2018-12110 1 Portfoliocms Project 1 Portfoliocms 2024-11-21 6.5 MEDIUM 7.2 HIGH
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.