
127 matches found

CVE
added 2024/08/12 12:00 a.m., 55 views

CVE-2024-42628

FrogCMS v0.9.5 has a CSRF vulnerability exploitable via the endpoint /admin/?/snippet/edit/3. Affected component: FrogCMS 0.9.5; vulnerability type: CSRF with high impact (C/H/I/A). Public exploitation details are not provided in the available documents. Remediation: no patch/version info is stat...

8.8 CVSS, 7.2 AI score, 0.00279 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/08/12 12:00 a.m., 55 views

CVE-2024-42626

FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /admin/?/snippet/add. The CVE description explicitly identifies a CSRF issue and notes a high impact (C/H/I/A = High) with CVSSv3.1 base metrics: AV:N, AC:L, PR:N, UI:R, S:U, C:H, I:H, A:H. Connected sources...

8.8 CVSS, 7.2 AI score, 0.00279 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/08/12 12:00 a.m., 60 views

CVE-2024-42627

The vulnerability CVE-2024-42627 affects FrogCMS v0.9.5. A CSRF flaw exists in the admin endpoint /admin/?/snippet/delete/3, enabling an attacker to induce a logged-in user to perform a state-changing action. The root cause described across sources is insufficient verification of the request’s or...

8.8 CVSS, 7.2 AI score, 0.00279 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/08/12 12:00 a.m., 62 views

CVE-2024-42632

FrogCMS v0.9.5 is affected by a CSRF vulnerability exploitable via /admin/?/page/add. CVSSv3.1: 8.8 (HIGH), with user interaction required and a network attack vector. The root cause is a Cross-Site Request Forgery condition; no fixed version is confirmed in provided docs. Red Hat/PTSecurity references confirm the en...

8.8 CVSS, 7.2 AI score, 0.0031 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/08/12 12:00 a.m., 59 views

CVE-2024-42631

FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) flaw exploitable via the admin path /admin/?/layout/edit/1. The Red Hat/NVD/CVE records confirm the vulnerability in FrogCMS 0.9.5 with high impact (C/H/I/A) and user interaction required. The connected documents provide the vulnerabilit...

8.8 CVSS, 7.2 AI score, 0.0031 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/08/12 12:00 a.m., 23 views

CVE-2024-42626

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add...

0.00279 EPSS
Exploits: 1, References: 1

Cvelist
added 2024/08/12 12:00 a.m., 28 views

CVE-2024-42631

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1...

0.0031 EPSS
Exploits: 1, References: 1

Cvelist
added 2024/08/12 12:00 a.m., 16 views

CVE-2024-42629

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10...

0.00212 EPSS
Exploits: 1, References: 1

CVE
added 2024/08/12 12:00 a.m., 57 views

CVE-2024-42624

FrogCMS v0.9.5 is affected by a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /admin/?/page/delete/10 endpoint. The issue is documented with a high impact (C/H/I/A) and CVSS 3.1 score 8.8. Attack vector is network, but requires user interaction (UI:R), and no privileges are ...

8.8 CVSS, 7.2 AI score, 0.00279 EPSS
Exploits: 1, References: 1, Affected Software: 1

Check Point Advisories
added 2021/11/07 12:00 a.m., 18 views

FrogCMS SentCMS Remote Code Execution (CVE-2021-26794)

A remote code execution vulnerability exists in FrogCMS SentCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS, 9.5 AI score, 0.01552 EPSS
Exploits: 1

CNVD
added 2021/11/02 12:00 a.m., 15 views

FrogCMS Path Traversal Vulnerability

FrogCms is an HTTP server. A path traversal vulnerability exists in FrogCMS, which stems from a vulnerability in the FileManagerController.php function in FrogCMS version 0.9.5, which can be exploited to perform a directory traversal attack via the GET request urlencode parameter...

4.9 CVSS, 5.1 AI score, 0.01131 EPSS
Exploits: 1, References: 1

NVD
added 2021/10/29 8:15 p.m., 22 views

CVE-2020-25872

A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter...

4.9 CVSS, 0.01131 EPSS
Exploits: 1, References: 1

OSV
added 2021/10/29 8:15 p.m., 3 views

CVE-2020-25872

A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter...

4.9 CVSS, 5.8 AI score, 0.01131 EPSS
Exploits: 1, References: 1

Prion
added 2021/10/29 8:15 p.m., 15 views

Directory traversal

A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter...

4 CVSS, 5 AI score, 0.01131 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2021/10/29 7:11 p.m., 49 views

CVE-2020-25872

Affected product: FrogCMS 0.9.5. The vulnerability is in FileManagerController.php and allows a directory traversal attack via a GET request urlencode parameter. This is a path traversal issue in the Web UI/file handling code, enabling an attacker to access files outside the intended root. The co...

4.9 CVSS, 5 AI score, 0.01131 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2021/10/29 12:00 a.m., 4 views

FrogCms Path Traversal Vulnerability

FrogCms is an HTTP server. A path traversal vulnerability exists in FrogCMS, which stems from a vulnerability in the FileManagerController.php function in FrogCMS version 0.9.5, which can be exploited to perform a directory traversal attack via the GET request urlencode parameter...

4.9 CVSS, 5.5 AI score, 0.01131 EPSS
Exploits: 1, References: 2

CNVD
added 2021/09/28 12:00 a.m., 13 views

FrogCMS File Upload Vulnerability

FrogCMS is an open source content management system. A file upload vulnerability exists in FrogCMS because a design flaw in the product does not restrict file uploads; an attacker can use this vulnerability to upload malicious files and remotely execute arbitrary code...

9.8 CVSS, 9.8 AI score, 0.01552 EPSS
Exploits: 1, References: 1

OSV
added 2021/09/23 5:15 p.m., 2 views

CVE-2021-26794

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file...

9.8 CVSS, 7.6 AI score, 0.01552 EPSS
Exploits: 1, References: 1

NVD
added 2021/09/23 5:15 p.m., 24 views

CVE-2021-26794

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file...

9.8 CVSS, 0.01552 EPSS
Exploits: 1, References: 1

CVE
added 2021/09/23 3:15 p.m., 45 views

CVE-2021-26794

CVE-2021-26794 affects FrogCMS SentCMS v0.9.5, allowing remote code execution via a crafted PHP file uploaded through upload.php. Multiple connected sources (RH Red Hat, CVE lists, CP advisories, CNVD/CNNVD equivalents, and CVE records) describe it as a privilege escalation leading to arbitrary c...

9.8 CVSS, 9.8 AI score, 0.01552 EPSS
Exploits: 1, References: 1, Affected Software: 1