philippe/FrogCMS

Releases0

Stars160

Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-25872 ↗	Oct 29, 2021Friday, 29 October 2021, 20:15	4.9 MEDIUM	4 MEDIUM
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
CVE-2021-26794 ↗	Sep 23, 2021Thursday, 23 September 2021, 17:15	9.8 CRITICAL	7.5 HIGH
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.
CVE-2018-20778 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	4.3 MEDIUM
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
CVE-2018-20777 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
CVE-2018-20776 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	5 MEDIUM
Frog CMS 0.9.5 provides a directory listing for a /public request.
CVE-2018-20775 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	6.5 MEDIUM
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
CVE-2018-20774 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
CVE-2018-20773 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	6.5 MEDIUM
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
CVE-2018-20772 ↗	Feb 11, 2019Monday, 11 February 2019, 02:29	—	6.5 MEDIUM
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
CVE-2018-20680 ↗	Jan 9, 2019Wednesday, 9 January 2019, 17:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
CVE-2018-20448 ↗	Dec 25, 2018Tuesday, 25 December 2018, 16:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
CVE-2018-16447 ↗	Sep 4, 2018Tuesday, 4 September 2018, 04:29	—	6.8 MEDIUM
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
CVE-2018-16374 ↗	Sep 3, 2018Monday, 3 September 2018, 00:29	—	3.5 LOW
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
CVE-2018-16373 ↗	Sep 3, 2018Monday, 3 September 2018, 00:29	—	4 MEDIUM
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
CVE-2018-11098 ↗	May 15, 2018Tuesday, 15 May 2018, 01:29	—	6.5 MEDIUM
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
CVE-2018-10806 ↗	May 8, 2018Tuesday, 8 May 2018, 07:29	—	3.5 LOW
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.
CVE-2018-10570 ↗	Apr 30, 2018Monday, 30 April 2018, 16:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.
CVE-2018-10321 ↗	Apr 24, 2018Tuesday, 24 April 2018, 06:29	—	3.5 LOW
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
CVE-2018-10318 ↗	Apr 24, 2018Tuesday, 24 April 2018, 02:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
CVE-2018-10320 ↗	Apr 24, 2018Tuesday, 24 April 2018, 02:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
CVE-2018-10319 ↗	Apr 24, 2018Tuesday, 24 April 2018, 02:29	—	3.5 LOW
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.