2 matches found
CVE-2018-12110
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter...
CVE-2018-12110
portfolioCMS 1.0.5 is vulnerable to SQL Injection via the admin/portfolio.php preview parameter (and related evidence cites the same issue in CNVD-2018-11358). The root cause is improper handling of the preview parameter, allowing an attacker to execute arbitrary SQL commands remotely. Impact per...