froxlor/froxlor is vulnerable to arbitrary code execution. The _backupExistingDatabase
in install/lib/class.FroxlorInstall.php
allows remote attackers with access to the installation routine to execute arbitrary code due to the unescaped database configuration options being passed to exec
.
CPE | Name | Operator | Version |
---|---|---|---|
froxlor/froxlor | le | 0.10.13 |