Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-p29c-jpgj-v57r

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Froxlor arbitrary code execution via the database configuration options

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.

Ссылки

Пакеты

Наименование

froxlor/froxlor

composer
Затронутые версииВерсия исправления

< 0.10.14

0.10.14

EPSS

Процентиль: 71%
0.007
Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-10235

Дефекты

CWE-20
CWE-78

Связанные уязвимости

nvd логотип

CVE-2020-10235

CVSS3: 8.8
nvd
почти 6 лет назад

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.

debian логотип

CVE-2020-10235

CVSS3: 8.8
debian
почти 6 лет назад

An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...

EPSS

Процентиль: 71%
0.007
Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-10235

Дефекты

CWE-20
CWE-78