127 matches found
CVE-2024-42628
FrogCMS v0.9.5 has a CSRF vulnerability exploitable via the endpoint /admin/?/snippet/edit/3. Affected component: FrogCMS 0.9.5; vulnerability type: CSRF with high impact (C/H/I/A). Public exploitation details are not provided in the available documents. Remediation: no patch/version info is stat...
CVE-2024-42626
FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /admin/?/snippet/add. The CVE description explicitly identifies a CSRF issue and notes a high impact (C/H/I/A = High) with CVSSv3.1 base metrics: AV:N, AC:L, PR:N, UI:R, S:U, C:H, I:H, A:H. Connected sources...
CVE-2024-42627
The vulnerability CVE-2024-42627 affects FrogCMS v0.9.5. A CSRF flaw exists in the admin endpoint /admin/?/snippet/delete/3, enabling an attacker to induce a logged-in user to perform a state-changing action. The root cause described across sources is insufficient verification of the request’s or...
CVE-2024-42632
FrogCMS v0.9.5 is affected by a CSRF vulnerability exploitable via /admin/?/page/add. CVSSv3.1: 8.8 (HIGH), with user interaction required and a network attack vector. The root cause is a Cross-Site Request Forgery condition; no fixed version is confirmed in provided docs. Red Hat/PTSecurity references confirm the en...
CVE-2024-42631
FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) flaw exploitable via the admin path /admin/?/layout/edit/1. The Red Hat/NVD/CVE records confirm the vulnerability in FrogCMS 0.9.5 with high impact (C/H/I/A) and user interaction required. The connected documents provide the vulnerabilit...
CVE-2024-42626
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add...
CVE-2024-42631
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1...
CVE-2024-42629
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10...
CVE-2024-42624
FrogCMS v0.9.5 is affected by a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /admin/?/page/delete/10 endpoint. The issue is documented with a high impact (C/H/I/A) and CVSS 3.1 score 8.8. Attack vector is network, but requires user interaction (UI:R), and no privileges are ...
FrogCMS SentCMS Remote Code Execution (CVE-2021-26794)
A remote code execution vulnerability exists in FrogCMS SentCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
FrogCMS Path Traversal Vulnerability
FrogCms is an HTTP server. A path traversal vulnerability exists in the FileManagerController.php function of FrogCMS version 0.9.5; it can be exploited to perform a directory traversal attack via the GET request urlencode parameter...
CVE-2020-25872
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter...
Directory traversal
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter...
CVE-2020-25872
Affected product: FrogCMS 0.9.5. The vulnerability is in FileManagerController.php and allows a directory traversal attack via a GET request urlencode parameter. This is a path traversal issue in the Web UI/file handling code, enabling an attacker to access files outside the intended root. The co...
FrogCms Path Traversal Vulnerability
FrogCms is an HTTP server. A path traversal vulnerability exists in the FileManagerController.php function of FrogCMS version 0.9.5; it can be exploited to perform a directory traversal attack via the GET request urlencode parameter...
FrogCMS File Upload Vulnerability
FrogCMS is an open source content management system. A file upload vulnerability exists in FrogCMS because a product design flaw does not restrict file uploads; an attacker can use this vulnerability to upload malicious files and remotely execute arbitrary code...
CVE-2021-26794
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file...
CVE-2021-26794
CVE-2021-26794 affects FrogCMS SentCMS v0.9.5, allowing remote code execution via a crafted PHP file uploaded through upload.php. Multiple connected sources (Red Hat, CVE lists, CP advisories, CNVD/CNNVD equivalents, and CVE records) describe it as a privilege escalation leading to arbitrary c...