VYPR
Vendor: CMS Frogss

Products: 2
CVEs: 17
Across products: 17
Status: Private

Recent CVEs (17)
  • CVE-2018-8908 | High | Mar 31, 2018
    risk 0.60 | cvss 8.8 | epss 0.02

    An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin…

  • CVE-2018-11098 | High | May 15, 2018
    risk 0.47 | cvss 7.2 | epss 0.01

    An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.

  • CVE-2018-10321 | Medium | Apr 24, 2018
    risk 0.34 | cvss 4.8 | epss 0.02

    Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

  • CVE-2018-10570 | Medium | Apr 30, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.

  • CVE-2018-9992 | Medium | Apr 11, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.

  • CVE-2018-9991 | Medium | Apr 11, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.

  • CVE-2018-20448 | Dec 25, 2018
    risk 0.03 | cvss | epss 0.02

    Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.

  • CVE-2007-2299 | Apr 26, 2007
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.

  • CVE-2006-4536 | Sep 5, 2006
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.

  • CVE-2019-1010235 | Jul 22, 2019
    risk 0.00 | cvss | epss 0.01

    Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.

  • CVE-2018-20773 | Feb 11, 2019
    risk 0.00 | cvss | epss 0.02

    Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.

  • CVE-2018-20774 | Feb 11, 2019
    risk 0.00 | cvss | epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.

  • CVE-2018-20772 | Feb 11, 2019
    risk 0.00 | cvss | epss 0.02

    Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.

  • CVE-2018-20775 | Feb 11, 2019
    risk 0.00 | cvss | epss 0.02

    admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.

  • CVE-2018-20777 | Feb 11, 2019
    risk 0.00 | cvss | epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.

  • CVE-2019-6243 | Jan 12, 2019
    risk 0.00 | cvss | epss 0.01

    Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).

  • CVE-2018-19844 | Dec 31, 2018
    risk 0.00 | cvss | epss 0.01

    FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.