CVE-2014-4912
published 2018-03-22

CVE-2014-4912: An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.

Priority: P266
Severity: critical, 9.8 (CVSS 3.0)
Exploit: EXPLOIT (badge)
EPSS: 8.51% (94.4th percentile)

Affected

1 range

Vendor: frog_cms_project
Product: frog_cms
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

url: http://localhost/frog_095/admin/?/plugin/file_manager/images
url: http://localhost/Frog/frog_095/public/images/
path: /admin/?/plugin/file_manager/images
path: /public/images/
  • Monitor HTTP POST requests to the file_manager plugin upload endpoint (/admin/?/plugin/file_manager/) that carry executable file types (e.g., .php); such uploads indicate exploitation of the missing extension validation.
  • Alert on PHP (or other executable script) files appearing under the web-accessible /public/images/ directory, which is the expected drop location for uploaded webshells.
  • Treat unauthenticated HTTP requests to files placed under /public/images/ as potential webshell execution attempts, since no authentication is required to trigger uploaded files.
  • All authenticated CMS users (not just admins) have upload capability, which broadens the attack surface beyond privileged accounts.

CVSS provenance

NVD, CVSS v3.0: 9.8 CRITICAL, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P