Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
frogcms project frogcms 0.9.5 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-10806
An issue exists in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.
Frogcms Project Frogcms 0.9.5
7.5
CVSSv2
CVE-2021-26794
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows malicious user to execute arbitrary code via crafted php file.
Frogcms Project Frogcms 0.9.5
3.5
CVSSv2
CVE-2018-10318
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
Frogcms Project Frogcms 0.9.5
3.5
CVSSv2
CVE-2018-10321
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
Frogcms Project Frogcms 0.9.5
1 EDB exploit
4
CVSSv2
CVE-2020-25872
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an malicious user to perform a directory traversal attack via a GET request urlencode parameter.
Frogcms Project Frogcms 0.9.5
3.5
CVSSv2
CVE-2018-10319
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
Frogcms Project Frogcms 0.9.5
3.5
CVSSv2
CVE-2018-10320
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
Frogcms Project Frogcms 0.9.5
3.5
CVSSv2
CVE-2018-10570
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.
Frogcms Project Frogcms 0.9.5
6.8
CVSSv2
CVE-2018-16447
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
Frogcms Project Frogcms 0.9.5
3.5
CVSSv2
CVE-2018-19844
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
Frogcms Project Frogcms 0.9.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started