Froxlor: >> Froxlor >> 0.10.0 Security Vulnerabilities
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-31
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-12-31
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-12-30
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CVSS Score
6.5
EPSS Score
0.149
Published
2022-11-05
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVSS Score
7.6
EPSS Score
0.004
Published
2022-11-04
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-08-28
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-04-13
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
CVSS Score
9.8
EPSS Score
0.055
Published
2021-10-12
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-03-09
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-09