Aggregates CVE and security vulnerability intelligence across all jportal-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection; exposure may include vendor impact data exposure in vendor surface production workloads and vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-6451 | SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509. | [email protected] | 7.5 | 0.36% | 2009-03-13 | 2026-04-23 |
| CVE-2007-5974 | SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | [email protected] | 7.5 | 0.46% | 2007-11-15 | 2026-04-23 |
| CVE-2007-5973 | SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | [email protected] | 7.5 | 0.46% | 2007-11-15 | 2026-04-23 |
| CVE-2007-5912 | SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | [email protected] | 7.5 | 0.40% | 2007-11-10 | 2026-04-23 |
| CVE-2007-0912 | Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | [email protected] | 9.3 | 0.85% | 2007-02-13 | 2026-04-23 |
| CVE-2005-3509 | Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php. | [email protected] | 7.5 | 0.33% | 2005-11-06 | 2026-04-16 |
| CVE-2004-2036 | SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 1.16% | 2004-05-28 | 2026-04-16 |