2 matches found
CVE-2020-10235
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
CVE-2020-10235
Froxlor before 0.10.14 is affected. The issue arises because database configuration options are passed unescaped to exec via _backupExistingDatabase in install/lib/class.FroxlorInstall.php, allowing remote attackers with access to the installation routine to execute arbitrary code. Impact is remo...