VYPR

Frog CMS

by CMS Frogss

CVEs (16)

  • CVE-2018-8908HigMar 31, 2018
    risk 0.60cvss 8.8epss 0.02

    An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin…

  • CVE-2018-11098HigMay 15, 2018
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.

  • CVE-2018-10321MedApr 24, 2018
    risk 0.34cvss 4.8epss 0.02

    Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

  • CVE-2018-10570MedApr 30, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.

  • CVE-2018-9992MedApr 11, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.

  • CVE-2018-9991MedApr 11, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.

  • CVE-2018-20448Dec 25, 2018
    risk 0.03cvss epss 0.02

    Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.

  • CVE-2006-4536Sep 5, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.

  • CVE-2019-1010235Jul 22, 2019
    risk 0.00cvss epss 0.01

    Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.

  • CVE-2018-20773Feb 11, 2019
    risk 0.00cvss epss 0.02

    Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.

  • CVE-2018-20774Feb 11, 2019
    risk 0.00cvss epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.

  • CVE-2018-20772Feb 11, 2019
    risk 0.00cvss epss 0.02

    Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.

  • CVE-2018-20775Feb 11, 2019
    risk 0.00cvss epss 0.02

    admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.

  • CVE-2018-20777Feb 11, 2019
    risk 0.00cvss epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.

  • CVE-2019-6243Jan 12, 2019
    risk 0.00cvss epss 0.01

    Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).

  • CVE-2018-19844Dec 31, 2018
    risk 0.00cvss epss 0.01

    FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.