CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2024 — FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. • https://github.com/Kirtoc/cms/tree/main/5/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Aug 2024 — FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. • https://github.com/Kirtoc/cms/tree/main/10/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2024 — FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. • https://github.com/Kirtoc/cms/tree/main/7/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2024 — FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. • https://github.com/Kirtoc/cms/tree/main/1/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Oct 2021 — A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. • https://github.com/philippe/FrogCMS/issues/34 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Sep 2021 — Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file. • https://github.com/philippe/FrogCMS/issues/11 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Dec 2018 — FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. • https://github.com/security-breachlock/CVE-2018-19844/blob/master/frog_CMS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

04 Sep 2018 — Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. • https://github.com/philippe/FrogCMS/issues/12 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 May 2018 — An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. • https://github.com/philippe/FrogCMS/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Apr 2018 — Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. • https://github.com/philippe/FrogCMS/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •