
Ke7B3R0Sop

#21459 of 53,633
11.4 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-11193
4.9
2021-10-29
Frog Cms · Frog Cms · CVE-2020-25872
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5
Description: A vulnerability exists within the `FileManagerController.php` function in FrogCMS, allowing an attacker to perform a directory traversal attack via a GET request `urlencode` parameter.
Recommendations: For FrogCMS version 0.9.5, consider restricting access to the `FileManagerController.php` function until a patch is available. As a temporary workaround, avoid using the `urlencode` parameter in GET requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-11194
6.5
2021-10-29
Baijiacms · Baijiacms · CVE-2020-25873
Name of the Vulnerable Software and Affected Versions: Baijiacms V4
Description: A directory traversal issue was found in the `system/manager/class/web/database.php` component, allowing attackers to delete folders on the server using the `id` parameter.
Recommendations: For Baijiacms V4, consider restricting access to the vulnerable component `system/manager/class/web/database.php` until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected API endpoint to minimize the risk of exploitation.