CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Oct 2021 — A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. • https://github.com/philippe/FrogCMS/issues/34 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Sep 2021 — Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file. • https://github.com/philippe/FrogCMS/issues/11 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Dec 2018 — FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. • https://github.com/security-breachlock/CVE-2018-19844/blob/master/frog_CMS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

04 Sep 2018 — Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. • https://github.com/philippe/FrogCMS/issues/12 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 May 2018 — An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. • https://github.com/philippe/FrogCMS/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Apr 2018 — Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. • https://github.com/philippe/FrogCMS/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 1% • CPEs: 1 • EXPL: 3

24 Apr 2018 — Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. Frog CMS version 0.9.5 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/147398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Apr 2018 — Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. • https://github.com/philippe/FrogCMS/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Apr 2018 — Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. • https://github.com/philippe/FrogCMS/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Apr 2018 — Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. • https://github.com/philippe/FrogCMS/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')