CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://bugzilla.suse.com/show_bug.cgi?id=1165721 - Exploit, Issue Tracking, Third Party Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1165721 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 - Patch () https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 - Patch
References () https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 - Patch () https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 - Patch
References () https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 - Patch () https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 - Patch

Information

Published : 2020-03-09 16:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10235

Mitre link : CVE-2020-10235

CVE.ORG link : CVE-2020-10235


JSON object : View

Products Affected

froxlor

  • froxlor
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-116

Improper Encoding or Escaping of Output