Posh Project: >> Posh >> 2.0 Security Vulnerabilities
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-01
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-03-03