CVE-2023-0572 Unchecked Error Condition in froxlor/froxlor
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...
PT-2023-16374 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.10. Description: The issue is related to an unchecked error condition in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issue...
PT-2023-16370 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.10. Description: The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This could potentially allow for static code injection. Recommendations: Fo...
PT-2023-16369 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.10. Description: The issue concerns Business Logic Errors in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issue...
CVE-2023-0565 Business Logic Errors in froxlor/froxlor
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10...
CVE-2023-0566 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in froxlor/froxlor prior to 2.0.10...
CVE-2023-0564
CVE-2023-0564 affects froxlor/froxlor prior to version 2.0.10. The connected documents describe a weakness in password requirements, i.e., weak passwords, as the underlying issue. There is no explicit exploit detail provided in the documents, and no product-specific exploit data is cited. The mos...
CVE-2023-0564 Weak Password Requirements in froxlor/froxlor
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10...
PT-2023-16368 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor/froxlor versions prior to 2.0.10. Description: The issue concerns weak password requirements in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issu...
Privilege Escalation from customer to root
Privilege Escalation from Customer to Root. First of all, sorry for the formatting of the report, but this platform is a mess. I can't attach any PoC files (added chapters at the end of the report instead), can't attach any screenshots, nor provide a report as PDF. And btw markdown is only partly...
Path Traversal
froxlor/froxlor is vulnerable to Path Traversal. A remote attacker is able to use path traversal to leak local files such as /etc/passwd or config, because there is no filename validation for logoimagelogin and logoimageheader on import and export functions...
Command Injection
froxlor/froxlor is vulnerable to Command Injection. The vulnerability is due to an Arbitrary File Write in the logging module which allows an attacker to overwrite an arbitrary file, and Template Injection. A remote authenticated attacker can chain these vulnerabilities together, resulting in...
GHSA-CP68-42PF-6627 Froxlor vulnerable to Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8...
GHSA-XP3G-2729-RXM3 Froxlor is vulnerable to path traversal
Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0...
Froxlor vulnerable to Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8...
Froxlor is vulnerable to path traversal
Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0...