An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1165721 | Exploit Issue Tracking Third Party Advisory |
https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 | Patch |
https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 | Patch |
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 | Patch |
Configurations
History
No history.
Information
Published : 2020-03-09 16:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-10235
Mitre link : CVE-2020-10235
CVE.ORG link : CVE-2020-10235
JSON object : View
Products Affected
froxlor
- froxlor