Lucene search
GoogleOSV:GHSA-P29C-JPGJ-V57RHistoryMay 24, 2022 - 5:10 p.m.
Froxlor arbitrary code execution via the database configuration options
2022-05-2417:10:26
Google
osv.dev
2
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
References
bugzilla.suse.com/show_bug.cgi?id=1165721
github.com/Froxlor/Froxlor
github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656
github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207
github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14
nvd.nist.gov/vuln/detail/CVE-2020-10235
Related
veracode
veracode
Arbitrary Code Execution
2020-03-10 01:33:47
osv
osv
CVE-2020-10235
2020-03-09 16:15:12
cve
cve
CVE-2020-10235
2020-03-09 16:15:12
nvd
nvd
CVE-2020-10235
2020-03-09 16:15:12
prion
prion
Code injection
2020-03-09 16:15:00
cvelist
cvelist
CVE-2020-10235
2020-03-09 15:04:46
github
github
Froxlor arbitrary code execution via the database configuration options
2022-05-24 17:10:26