froxlor/froxlor is vulnerable to Path Traversal. A remote attacker is able to use path traversal to leak local files such as /etc/passwd
or config
, because there is no filename validation for logo_image_login
and logo_image_header
on import
and export
functions.
CPE | Name | Operator | Version |
---|---|---|---|
froxlor/froxlor | le | 0.10.38.3 | |
froxlor/froxlor | le | 0.10.38.3 |