PT-2018-11088 · Portfoliocms · Portfoliocms
Oyeahtime · Published 2018-06-13 · Updated 2020-02-20 · CVE-2018-12263
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
portfolioCMS version 1.0.5
Description
The issue allows the upload of arbitrary .php files via the "admin/portfolio.php?newpage=true" API endpoint. This could potentially lead to unauthorized code execution.
Recommendations
For portfolioCMS version 1.0.5, consider restricting access to the "admin/portfolio.php?newpage=true" API endpoint until a patch is available. As a temporary workaround, disabling the file upload functionality in the admin interface may help minimize the risk of exploitation.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Portfoliocms