661 matches found
Froxlor Security Vulnerability
Froxlor is a set of lightweight server management software from the Froxlor team. A command execution vulnerability exists in versions prior to froxlor 2.0.21 that stems from an output encoding or escaping error. An attacker can exploit the vulnerability to cause command execution...
PT-2023-25676 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.21 Description: The issue is related to improper encoding or escaping of output in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.21, update to version 2.0.21 or later to resolv...
Session Fixation
froxlor/froxlor is vulnerable to Session Fixation. The vulnerability exists because it does not properly regenerate session ids, which allows an attacker to login on behalf of a user if they have access to an old session cookie...
Remote Command Execution by Improper Escaping of Output
Description: Improper Encoding or Escaping of Output in Froxlor export configuration. Hackers can use it to create a JSON file with PHP code inside, then trigger the code by setting php-fpm to process the .json extension. php foreach $POST'system' as $sysdaemon $params'system' = $sysdaemon; $paramscontent ...
Brute Force Attack
froxlor/froxlor is vulnerable to Brute Force Attacks. The vulnerability exists because it does not limit 2FA attempts, which allows an attacker to brute force the user credentials and perform unauthorized actions...
Path Traversal
froxlor/froxlor is vulnerable to Path Traversal. The vulnerability exists due to a lack of file path validation in adminautoupdate.php, which allows an attacker to access files outside the expected directory and read arbitrary files through relative paths such as \..filename...
SUSE CVE-2023-3173
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20...
SUSE CVE-2023-3172
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20...
SUSE CVE-2023-3192
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0...
GHSA-JR66-9GHF-6GP3 Froxlor Session Fixation vulnerability
Versions of froxlor/froxlor prior to release 2.1.0 did not regenerate session ids appropriately which may result in session fixation...
Froxlor Session Fixation vulnerability
Versions of froxlor/froxlor prior to release 2.1.0 did not regenerate session ids appropriately which may result in session fixation...
CVE-2023-3192
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0...
Session fixation
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-3192 Session Fixation in froxlor/froxlor
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0...
Froxlor Authorization Issue Vulnerability
Froxlor is a lightweight server management software from the Froxlor team. An authorization issue vulnerability exists in versions of Froxlor prior to 2.1.0 that stems from session fixation...
CVE-2023-3192
CVE-2023-3192 affects froxlor/froxlor versions prior to 2.1.0. The root cause is failure to regenerate session IDs, which may enable session fixation. Documents consistently describe this issue and its impact as an authorization/session management risk. The primary remediation is to upgrade to v...
PT-2023-23520 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor/froxlor versions prior to 2.1.0 Description: The issue is related to session fixation, where session ids are not regenerated appropriately. This may result in session fixation. Recommendations: For versions prior to 2.1.0, update to...
GHSA-CHW4-88XC-79W6 Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20...