Vulnerability Description
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Froxlor | Froxlor | < 0.10.14 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1165721ExploitIssue TrackingThird Party Advisory
- https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf6Patch
- https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d2Patch
- https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14Patch
- https://bugzilla.suse.com/show_bug.cgi?id=1165721ExploitIssue TrackingThird Party Advisory
- https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf6Patch
- https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d2Patch
- https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14Patch
FAQ
What is CVE-2020-10235?
CVE-2020-10235 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed u...
How severe is CVE-2020-10235?
CVE-2020-10235 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10235?
Check the references section above for vendor advisories and patch information. Affected products include: Froxlor Froxlor.