An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
References
Link | Resource |
---|---|
https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 | Patch |
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 | Patch |
https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 | Patch |
https://bugzilla.suse.com/show_bug.cgi?id=1165721 | Exploit Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2020-03-09 09:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-10235
Mitre link : CVE-2020-10235
JSON object : View
CWE
Products Affected
froxlor
- froxlor