Powerportal » Powerportal : Security Vulnerabilities, CVEs, CVSS score >= 6
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
Max CVSS
7.8
EPSS Score
1.75%
Published
2008-09-30
Updated
2017-09-29
PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
Max CVSS
7.5
EPSS Score
5.62%
Published
2006-10-03
Updated
2017-10-19
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
Max CVSS
7.5
EPSS Score
0.79%
Published
2006-01-22
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module.
Max CVSS
6.8
EPSS Score
0.52%
Published
2004-08-06
Updated
2017-07-11
4 vulnerabilities found