Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
 | Froxlor 2.0.6 Remote Command Execution Exploit | 27 Feb 202300:00 | – | zdt |
| Froxlor 2.0.3 Stable - Remote Code Execution Exploit | 5 Apr 202300:00 | – | zdt |
 | Exploit for Command Injection in Froxlor | 29 Jan 202321:20 | – | githubexploit |
 | CVE-2023-0315 | 16 Jan 202307:23 | – | circl |
 | Froxlor 命令注入漏洞 | 16 Jan 202300:00 | – | cnnvd |
 | CVE-2023-0315 Command Injection in froxlor/froxlor | 16 Jan 202300:00 | – | cvelist |
 | Froxlor 2.0.3 Stable - Remote Code Execution (RCE) | 5 Apr 202300:00 | – | exploitdb |
 | Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side Template Injection | 11 Jan 202301:34 | – | huntr |
 | Froxlor vulnerable to Command Injection | 16 Jan 202303:30 | – | github |
 | Froxlor Log Path RCE | 22 Feb 202319:52 | – | metasploit |
10
[
{
"vendor": "froxlor",
"product": "froxlor/froxlor",
"versions": [
{
"version": "unspecified",
"lessThan": "2.0.8",
"status": "affected",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| logger_logfile | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| csrf_token | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| logger_enabled | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| logger_severity | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| logger_logtypes[] | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| logger_log_cron | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| page | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| action | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| send | request body | /admin_settings.php?page=overview&part=logging | Change the log file path to a writable Twig template path via the admin settings form (log path path-traversal/RCE vector). | CWE-77 |
| theme | request body | /admin_index.php | Inject a Twig-exec payload via the theme parameter to achieve code execution when the template is rendered. | CWE-77 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Nov 2024 07:36Current
7.9High risk
Vulners AI Score7.9
CVSS 3.18.8
CVSS 37.2
EPSS0.89127
SSVC