Portfoliocms Project Portfoliocms — known CVE vulnerabilities
Every CVE whose affected-product data names Portfoliocms Project Portfoliocms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-12263 — CVSS 8.8 (high): portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
CVE-2018-15848 — CVSS 8.8 (high): An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
CVE-2021-36532 — CVSS 8.1 (high): Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to…
CVE-2020-20402 — CVSS 7.5 (high): Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.