CVE-2018-10570

Name of the Vulnerable Software and Affected Versions: Frog CMS version 0.9.5

Description: The issue concerns a security problem where an attacker can inject malicious code. The estimated number of potentially affected devices is not provided. The problem can be exploited through the "/install/index.php" API endpoint, specifically via the config array and the admin username field.

Recommendations: For Frog CMS version 0.9.5, as a temporary workaround, consider restricting access to the "/install/index.php" endpoint until a patch is available. Avoid using the admin username field in the config array within this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.