cvebase

Frog Cms Project Frog Cms vulnerabilities

18 known vulnerabilities affecting frog_cms_project/frog_cms.

Total CVEs: 18
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 11

Vulnerabilities

CVE-2014-4912 | P2 | CRITICAL | CVSS 9.8 | PoC | v0.9.5 | 2018-03-22
CWE-434: An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
nvd
CVE-2018-8908 | P3 | HIGH | CVSS 8.8 | PoC | v0.9.5 | 2018-03-31
CWE-352: An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification r
nvd
CVE-2018-20448 | P4 | MEDIUM | CVSS 5.4 | PoC | v0.9.5 | 2018-12-25
CWE-79: Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
nvd
CVE-2018-20775 | P3 | HIGH | CVSS 7.2 | v0.9.5 | 2019-02-11
CWE-94: admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
nvd
CVE-2018-20772 | P3 | HIGH | CVSS 7.2 | v0.9.5 | 2019-02-11
CWE-94: Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
nvd
CVE-2018-20776 | P3 | HIGH | CVSS 7.5 | v0.9.5 | 2019-02-11
CWE-200: Frog CMS 0.9.5 provides a directory listing for a /public request.
nvd
CVE-2018-20773 | P3 | HIGH | CVSS 7.2 | v0.9.5 | 2019-02-11
CWE-94: Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
nvd
CVE-2018-11098 | P3 | HIGH | CVSS 7.2 | v0.9.5 | 2018-05-15
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
nvd
CVE-2019-6243 | P4 | MEDIUM | CVSS 6.1 | v0.9.5 | 2019-01-12
CWE-79: Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
nvd
CVE-2018-16373 | P4 | MEDIUM | CVSS 4.9 | v0.9.5 | 2018-09-03
CWE-434: Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
nvd
CVE-2018-20778 | P4 | MEDIUM | CVSS 6.1 | v0.9.5 | 2019-02-11
CWE-79: admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
nvd
CVE-2019-1010235 | P4 | MEDIUM | CVSS 5.4 | v1.1 | 2019-07-22
CWE-79: Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
nvd
CVE-2018-20774 | P4 | MEDIUM | CVSS 5.4 | v0.9.5 | 2019-02-11
CWE-79: Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
nvd
CVE-2018-20777 | P4 | MEDIUM | CVSS 5.4 | v0.9.5 | 2019-02-11
CWE-79: Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
nvd
CVE-2018-16374 | P4 | MEDIUM | CVSS 4.8 | v0.9.5 | 2018-09-03
CWE-79: Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
nvd
CVE-2018-9992 | P4 | MEDIUM | CVSS 4.8 | v0.9.5 | 2018-04-11
CWE-79: Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
nvd
CVE-2018-9991 | P4 | MEDIUM | CVSS 4.8 | v0.9.5 | 2018-04-11
CWE-79: Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
nvd
CVE-2018-20680 | P4 | MEDIUM | CVSS 4.8 | v0.9.5 | 2019-01-09
CWE-79: Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
nvd