Home / Early Warning / Vulnerabilidades / CVE-2018-20775

CVE-2018-20775

Type: 
Code Injection
Severity: 
Medium
Publication date: 
02/10/2019
Last modified: 
02/11/2019
Description
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Requires a single instance to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • Frog Cms Project Frog Cms 0.9.5
References to Advisories, Solutions, and Tools
Explanation of fields