CMS Frogss
Products (2)
- 16 CVEs
- 1 CVE
Recent CVEs (17)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8908 | | High | 0.60 | 8.8 | 0.02 | | Mar 31, 2018 | An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin… |
| CVE-2018-11098 | | High | 0.47 | 7.2 | 0.01 | | May 15, 2018 | An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. |
| CVE-2018-10321 | | Med | 0.34 | 4.8 | 0.02 | | Apr 24, 2018 | Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. |
| CVE-2018-10570 | | Med | 0.31 | 4.8 | 0.01 | | Apr 30, 2018 | Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. |
| CVE-2018-9992 | | Med | 0.31 | 4.8 | 0.01 | | Apr 11, 2018 | Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. |
| CVE-2018-9991 | | Med | 0.31 | 4.8 | 0.01 | | Apr 11, 2018 | Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. |
| CVE-2018-20448 | | | 0.03 | — | 0.02 | | Dec 25, 2018 | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. |
| CVE-2007-2299 | | | 0.03 | — | 0.01 | | Apr 26, 2007 | Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536. |
| CVE-2006-4536 | | | 0.03 | — | 0.01 | | Sep 5, 2006 | SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. |
| CVE-2019-1010235 | | | 0.00 | — | 0.01 | | Jul 22, 2019 | Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. |
| CVE-2018-20773 | | | 0.00 | — | 0.02 | | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. |
| CVE-2018-20774 | | | 0.00 | — | 0.01 | | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. |
| CVE-2018-20772 | | | 0.00 | — | 0.02 | | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. |
| CVE-2018-20775 | | | 0.00 | — | 0.02 | | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. |
| CVE-2018-20777 | | | 0.00 | — | 0.01 | | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. |
| CVE-2019-6243 | | | 0.00 | — | 0.01 | | Jan 12, 2019 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). |
| CVE-2018-19844 | | | 0.00 | — | 0.01 | | Dec 31, 2018 | FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. |