CVE-2018-10028
https://notcve.org/view.php?id=CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. • https://github.com/joyplus/joyplus-cms/issues/422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-9992
https://notcve.org/view.php?id=CVE-2018-9992
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. • https://gist.github.com/priyanksethi/48cce2fc4257213c8aca91e3c82a4ad3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-9991
https://notcve.org/view.php?id=CVE-2018-9991
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. • https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8908 – Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
https://notcve.org/view.php?id=CVE-2018-8908
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. • https://www.exploit-db.com/exploits/44383 • http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-4912 – Frog CMS 0.9.5 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4912
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. • https://www.exploit-db.com/exploits/33983 • CWE-434: Unrestricted Upload of File with Dangerous Type