CVE-2018-20775

Name of the Vulnerable Software and Affected Versions: Frog CMS version 0.9.5

Description: The issue allows PHP code execution by creating a new .php file containing PHP code through the "admin/?/plugin/file manager" endpoint, and then visiting this file under the public/ URI.

Recommendations: For Frog CMS version 0.9.5, consider restricting access to the file manager plugin to minimize the risk of exploitation. Avoid using the file manager plugin until a patch is available. As a temporary workaround, consider disabling the execution of PHP code in the public/ URI to prevent exploitation.