Frog CMS
by CMS Frogss
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8908 | | Hig | 0.60 | 8.8 | 0.02 | | Mar 31, 2018 | An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin… |
| CVE-2018-11098 | | Hig | 0.47 | 7.2 | 0.01 | | May 15, 2018 | An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. |
| CVE-2018-10321 | | Med | 0.34 | 4.8 | 0.02 | | Apr 24, 2018 | Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. |
| CVE-2018-10570 | | Med | 0.31 | 4.8 | 0.01 | | Apr 30, 2018 | Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. |
| CVE-2018-9992 | | Med | 0.31 | 4.8 | 0.01 | | Apr 11, 2018 | Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. |
| CVE-2018-9991 | | Med | 0.31 | 4.8 | 0.01 | | Apr 11, 2018 | Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. |
| CVE-2018-20448 | | | 0.03 | — | 0.02 | | Dec 25, 2018 | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. |
| CVE-2006-4536 | | | 0.03 | — | 0.01 | | Sep 5, 2006 | SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. |
| CVE-2019-1010235 | | | 0.00 | — | 0.01 | | Jul 22, 2019 | Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. |
| CVE-2018-20773 | | | 0.00 | — | 0.02 | | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. |
| CVE-2018-20774 | | | 0.00 | — | 0.01 | | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. |
| CVE-2018-20772 | | | 0.00 | — | 0.02 | | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. |
| CVE-2018-20775 | | | 0.00 | — | 0.02 | | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. |
| CVE-2018-20777 | | | 0.00 | — | 0.01 | | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. |
| CVE-2019-6243 | | | 0.00 | — | 0.01 | | Jan 12, 2019 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). |
| CVE-2018-19844 | | | 0.00 | — | 0.01 | | Dec 31, 2018 | FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. |