An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
bugzilla.suse.com/show_bug.cgi?id=1165721
github.com/Froxlor/Froxlor
github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656
github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207
github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14
nvd.nist.gov/vuln/detail/CVE-2020-10235