portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
7.2CVSS
7.5AI Score
0.001EPSS
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
8.8CVSS
8.6AI Score
0.001EPSS
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.
4.3CVSS
4.6AI Score
0.001EPSS
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
7.5CVSS
7.5AI Score
0.002EPSS
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.
8.1CVSS
8.2AI Score
0.005EPSS