Vulnerabilities > Posh Project > Posh > 1.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-01 | CVE-2014-2212 | Credentials Management vulnerability in Posh Project Posh The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie. | 5.0 |
2014-03-03 | CVE-2014-2211 | SQL Injection vulnerability in Posh Project Posh SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | 7.5 |