Vulnerability Description
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Froxlor | Froxlor | < 2.1.2 |
Related Weaknesses (CWE)
References
- https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cPatch
- https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4ExploitVendor Advisory
- https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-Exploit
- https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cPatch
- https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4ExploitVendor Advisory
- https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-Exploit
FAQ
What is CVE-2023-50256?
CVE-2023-50256 is a vulnerability with a CVSS score of 7.5 (HIGH). Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intent...
How severe is CVE-2023-50256?
CVE-2023-50256 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50256?
Check the references section above for vendor advisories and patch information. Affected products include: Froxlor Froxlor.