Multiple vulnerabilities in Frog CMS

1) Code Injection

EUVDB-ID: #VU36160

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-20772

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/24

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Code Injection

EUVDB-ID: #VU36161

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-20773

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/23

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site scripting

EUVDB-ID: #VU36162

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20774

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing the admin/?/layout/edit/1 Body field. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/26

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU36163

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-20775

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/27

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU36164

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-20776

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Frog CMS 0.9.5 provides a directory listing for a /public request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cross-site scripting

EUVDB-ID: #VU36165

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20777

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing the admin/?/snippet/edit/1 Body field. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/25

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site scripting

EUVDB-ID: #VU36166

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20778

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via "admin/?/plugin/file_manager" when creating a new file containing a crafted attribute of an IMG element. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website .

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/28

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Cross-site scripting

EUVDB-ID: #VU36242

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-6243

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks via the forgot password page (aka the /admin/?/login/forgot URI).

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://somerandomshitwbu.blogspot.com/2019/01/another-xss-on-frog-cms-open-source.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

EUVDB-ID: #VU36246

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20680

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the admin/?/page/edit/1 body field. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/22

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Cross-site scripting

EUVDB-ID: #VU36266

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-20448

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing the Database name field to the /install/index.php URI. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/20
https://www.exploit-db.com/exploits/46067/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Arbitrary file upload

EUVDB-ID: #VU36739

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-16373

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/13

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Cross-site scripting

EUVDB-ID: #VU36740

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16374

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Arbitrary file upload

EUVDB-ID: #VU37134

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-11098

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://github.com/philippe/FrogCMS/issues/11

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Arbitrary file upload

EUVDB-ID: #VU37378

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2014-4912

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file extension when uploading files. A remote attacker can upload and execute arbitrary file on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Frog CMS: 0.9.5

CPE2.3

• cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*

External links

https://www.exploit-db.com/exploits/33983/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.