VYPR
Vendor

Philippfrenzel

Products
1
CVEs
23
Across products
23
Status
Private

Products

1

Recent CVEs

23
View all 23 CVEs →
  • CVE-2014-4912CriMar 22, 2018
    risk 0.67cvss 9.8epss 0.09

    An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.

  • CVE-2018-16447HigSep 4, 2018
    risk 0.57cvss 8.8epss 0.01

    Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

  • CVE-2018-20776HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.02

    Frog CMS 0.9.5 provides a directory listing for a /public request.

  • CVE-2018-20775HigFeb 11, 2019
    risk 0.47cvss 7.2epss 0.02

    admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.

  • CVE-2018-20773HigFeb 11, 2019
    risk 0.47cvss 7.2epss 0.02

    Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.

  • CVE-2018-20772HigFeb 11, 2019
    risk 0.47cvss 7.2epss 0.02

    Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.

  • CVE-2018-11098HigMay 15, 2018
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.

  • CVE-2018-20778MedFeb 11, 2019
    risk 0.40cvss 6.1epss 0.01

    admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.

  • CVE-2019-6243MedJan 12, 2019
    risk 0.40cvss 6.1epss 0.01

    Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).

  • CVE-2018-20448MedDec 25, 2018
    risk 0.38cvss 5.4epss 0.02

    Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.

  • CVE-2018-20774MedFeb 11, 2019
    risk 0.35cvss 5.4epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.

  • CVE-2018-10806MedMay 8, 2018
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.

  • CVE-2018-10321MedApr 24, 2018
    risk 0.34cvss 4.8epss 0.02

    Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

  • CVE-2018-16373MedSep 3, 2018
    risk 0.32cvss 4.9epss 0.01

    Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.

  • CVE-2018-20680MedJan 9, 2019
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.

  • CVE-2018-19844MedDec 31, 2018
    risk 0.31cvss 4.8epss 0.01

    FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.

  • CVE-2018-16374MedSep 3, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.

  • CVE-2018-10570MedApr 30, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.

  • CVE-2018-10320MedApr 24, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.

  • CVE-2018-10319MedApr 24, 2018
    risk 0.31cvss 4.8epss 0.01

    Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.