
Oyeahtime

Rank: #16791 of 53,619
Total CVSS: 16
Vulnerabilities: 2
High: 2
PT-2018-11088 · CVSS 8.8 · 2018-06-13 · Portfoliocms · Portfoliocms · CVE-2018-12263

**Name of the Vulnerable Software and Affected Versions** portfolioCMS version 1.0.5

**Description** The issue allows the upload of arbitrary .php files via the "admin/portfolio.php?newpage=true" API endpoint. This could potentially lead to unauthorized code execution.

**Recommendations** For portfolioCMS version 1.0.5, consider restricting access to the "admin/portfolio.php?newpage=true" API endpoint until a patch is available. As a temporary workaround, disabling the file upload functionality in the admin interface may help minimize the risk of exploitation.

PT-2018-11020 · CVSS 7.2 · 2018-06-11 · Portfoliocms · Portfoliocms · CVE-2018-12110

**Name of the Vulnerable Software and Affected Versions** portfolioCMS version 1.0.5

**Description** The issue is related to SQL Injection, which can be exploited via the `preview` parameter in the "admin/portfolio.php" endpoint.

**Recommendations** For portfolioCMS version 1.0.5, avoid using the `preview` parameter in the "admin/portfolio.php" endpoint until the issue is resolved.