CVE-2014-4912

CRITICAL

Frog CMS 0.9.5 - Unrestricted File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4912. PoCs published by Javid Hussain.

AI-analyzed exploit summary: The exploit describes an arbitrary file upload vulnerability in Frog CMS 0.9.5 due to improper file extension verification in the filemanager plugin. Authenticated users can upload executable PHP files and trigger them without authentication.

Description

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Javid Hussain · text · webapps · php
https://www.exploit-db.com/exploits/33983

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Frog CMS 0.9.5
Auth required
Prerequisites: Authenticated access to Frog CMS admin panel · Filemanager plugin enabled
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/33983/

Scores

CVSS v3 9.8
EPSS 0.0848
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
frog_cms_project/frog_cms 0.9.5
Published Mar 22, 2018
Tracked Since Feb 18, 2026