📦 Mojoportal

A file upload vulnerability in mojoPortal v2.7.0.0 allows remote attackers to upload malicious files through the File Manager function, potentially leading to arbitrary code execution. This affects al...

Mojoportal v2.7 contains an authenticated XML external entity (XXE) injection vulnerability that allows authenticated attackers to read arbitrary files from the server or potentially perform server-si...

CVE-2025-28367 is a directory traversal vulnerability in mojoPortal's BetterImageGallery API Controller that allows attackers to read sensitive files like Web.Config. This exposes the MachineKey, whic...