661 matches found
GHSA-VP4R-H765-5MWP Code Injection in froxlor/froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...
CVE-2023-0877 Code Injection in froxlor/froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...
CVE-2023-0877
CVE-2023-0877 affects Froxlor prior to 2.0.11. Affected component: Froxlor software; vulnerability type: Code Injection (as described in multiple sources). Root cause details are not exhaustively described in the provided documents, but the CVE is reported with a Network attack vector and high im...
Froxlor Code Injection Vulnerability
Froxlor is a lightweight server management software from the Froxlor team. A code injection vulnerability exists in Froxlor versions prior to 2.0.11, which stems from the presence of code injection...
SUSE CVE-2016-5100
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...
SUSE CVE-2018-12642
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user...
SUSE CVE-2018-1000527
Froxlor version = 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to...
SUSE CVE-2020-10236
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...
SUSE CVE-2020-10235
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
SUSE CVE-2020-10237
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time,...
SUSE CVE-2020-29653
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags...
SUSE CVE-2021-42325
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name...
SUSE CVE-2022-3017
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38...
SUSE CVE-2023-0315
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8...
SUSE CVE-2023-0316
Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0...
SUSE CVE-2023-0564
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10...
SUSE CVE-2023-0565
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10...
SUSE CVE-2023-0572
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...