RSS   Vulnerabilities for 'Frogcms'   RSS

2021-10-29
 
CVE-2020-25872

CWE-22
 

 
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.

 
2021-09-23
 
CVE-2021-26794

CWE-434
 

 
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.

 
2018-12-31
 
CVE-2018-19844

CWE-79
 

 
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.

 
2018-12-25
 
CVE-2018-20448

CWE-79
 

 
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.

 
2018-09-04
 
CVE-2018-16447

CWE-352
 

 
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

 
2018-05-08
 
CVE-2018-10806

CWE-79
 

 
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.

 
2018-04-30
 
CVE-2018-10570

CWE-79
 

 
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.

 
2018-04-24
 
CVE-2018-10321

CWE-79
 

 
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

 
2018-04-23
 
CVE-2018-10320

CWE-79
 

 
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.

 
 
CVE-2018-10319

CWE-79
 

 
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.

 


Copyright 2024, cxsecurity.com

 

Back to Top