Vulnerabilities > Portfoliocms Project

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36532 Race Condition vulnerability in Portfoliocms Project Portfoliocms 1.0.0
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.
network
high complexity
portfoliocms-project CWE-362
8.1
2023-01-31 CVE-2020-20402 Improper Authentication vulnerability in Portfoliocms Project Portfoliocms 1.0.5
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
network
low complexity
portfoliocms-project CWE-287
7.5
2018-08-25 CVE-2018-15849 Cross-Site Request Forgery (CSRF) vulnerability in Portfoliocms Project Portfoliocms 1.0.5
An issue was discovered in portfolioCMS 1.0.5.
network
low complexity
portfoliocms-project CWE-352
4.3
2018-08-25 CVE-2018-15848 Cross-Site Request Forgery (CSRF) vulnerability in Portfoliocms Project Portfoliocms 1.0.5
An issue was discovered in portfolioCMS 1.0.5.
network
low complexity
portfoliocms-project CWE-352
8.8
2018-06-13 CVE-2018-12263 Unrestricted Upload of File with Dangerous Type vulnerability in Portfoliocms Project Portfoliocms 1.0.5
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
network
low complexity
portfoliocms-project CWE-434
8.8
2018-06-11 CVE-2018-12110 SQL Injection vulnerability in Portfoliocms Project Portfoliocms 1.0.5
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
network
low complexity
portfoliocms-project CWE-89
7.2