Homepage
About Snyk

Arbitrary Code Execution Affecting froxlor/froxlor package, versions <0.10.14

0.0
high

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.53% (77th percentile)
Expand this section
NVD
8.8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-FROXLORFROXLOR-559544
  • published 9 Mar 2020
  • disclosed 9 Mar 2020
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 9 Mar 2020

CVE-2020-10235 Open this link in a new tab
CWE-94 Open this link in a new tab

How to fix?

Upgrade froxlor/froxlor to version 0.10.14 or higher.

Overview

froxlor/froxlor is a server administration software.

Affected versions of this package are vulnerable to Arbitrary Code Execution. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.