Frogcms Project Frogcms vulnerabilities
23 known vulnerabilities affecting frogcms_project/frogcms.
Total CVEs
23
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH14MEDIUM8
Vulnerabilities
Page 1 of 2
CVE-2021-26794P3CRITICALCVSS 9.8v0.9.52021-09-23
CVE-2021-26794 [CRITICAL] CWE-434 CVE-2021-26794: Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.
nvd
CVE-2018-10321P4MEDIUMCVSS 4.8PoCv0.9.52018-04-24
CVE-2018-10321 [MEDIUM] CWE-79 CVE-2018-10321: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
nvd
CVE-2024-46394P4HIGHCVSS 8.8v0.9.52024-09-19
CVE-2024-46394 [HIGH] CWE-352 CVE-2024-46394: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add
nvd
CVE-2024-42624P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42624 [HIGH] CWE-352 CVE-2024-42624: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.
nvd
CVE-2024-42631P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42631 [HIGH] CWE-352 CVE-2024-42631: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1.
nvd
CVE-2024-42632P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42632 [HIGH] CWE-352 CVE-2024-42632: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.
nvd
CVE-2024-46362P4HIGHCVSS 8.8v0.9.52024-09-17
CVE-2024-46362 [HIGH] CWE-352 CVE-2024-46362: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
nvd
CVE-2024-46086P4HIGHCVSS 8.8v0.9.52024-09-18
CVE-2024-46086 [HIGH] CWE-352 CVE-2024-46086: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123
nvd
CVE-2024-42630P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42630 [HIGH] CWE-352 CVE-2024-42630: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
nvd
CVE-2024-42628P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42628 [HIGH] CWE-352 CVE-2024-42628: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.
nvd
CVE-2024-42627P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42627 [HIGH] CWE-352 CVE-2024-42627: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3.
nvd
CVE-2024-42626P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42626 [HIGH] CWE-352 CVE-2024-42626: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
nvd
CVE-2024-42623P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42623 [HIGH] CWE-352 CVE-2024-42623: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1
nvd
CVE-2024-46085P4HIGHCVSS 8.8v0.9.52024-09-17
CVE-2024-46085 [HIGH] CWE-352 CVE-2024-46085: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
nvd
CVE-2024-42629P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42629 [HIGH] CWE-352 CVE-2024-42629: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.
nvd
CVE-2024-42625P4HIGHCVSS 8.8v0.9.52024-08-12
CVE-2024-42625 [HIGH] CWE-352 CVE-2024-42625: FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add
nvd
CVE-2020-25872P4MEDIUMCVSS 4.9v0.9.52021-10-29
CVE-2020-25872 [MEDIUM] CWE-22 CVE-2020-25872: A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows a
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
nvd
CVE-2018-10806P4MEDIUMCVSS 5.4v0.9.52018-05-08
CVE-2018-10806 [MEDIUM] CWE-79 CVE-2018-10806: An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability v
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.
nvd
CVE-2018-19844P4MEDIUMCVSS 4.8v0.9.52018-12-31
CVE-2018-19844 [MEDIUM] CVE-2018-19844: FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edi
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
nvd
CVE-2018-10319P4MEDIUMCVSS 4.8v0.9.52018-04-24
CVE-2018-10319 [MEDIUM] CWE-79 CVE-2018-10319: Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
nvd
1 / 2Next →