Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Froxlor Subscribe
Filtered by product Froxlor

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50256 1 Froxlor 1 Froxlor 2024-01-10 N/A 7.5 HIGH
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
CVE-2023-0564 1 Froxlor 1 Froxlor 2023-12-18 N/A 7.5 HIGH
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
CVE-2023-6069 1 Froxlor 1 Froxlor 2023-11-16 N/A 8.8 HIGH
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
CVE-2023-3668 1 Froxlor 1 Froxlor 2023-07-27 N/A 7.2 HIGH
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
CVE-2020-10235 1 Froxlor 1 Froxlor 2021-07-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
CVE-2018-1000527 1 Froxlor 1 Froxlor 2020-08-24 6.5 MEDIUM 7.2 HIGH
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.
CVE-2018-12642 1 Froxlor 1 Froxlor 2019-10-03 5.0 MEDIUM 7.5 HIGH
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.