An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1165721 | Exploit Issue Tracking Third Party Advisory |
https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 | Patch |
https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 | Patch |
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 | Patch |
https://bugzilla.suse.com/show_bug.cgi?id=1165721 | Exploit Issue Tracking Third Party Advisory |
https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 | Patch |
https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 | Patch |
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 | Patch |
Configurations
History
21 Nov 2024, 04:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=1165721 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 - Patch | |
References | () https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 - Patch | |
References | () https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 - Patch |
Information
Published : 2020-03-09 16:15
Updated : 2024-11-21 04:55
NVD link : CVE-2020-10235
Mitre link : CVE-2020-10235
CVE.ORG link : CVE-2020-10235
JSON object : View
Products Affected
froxlor
- froxlor