CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-09 16:15

Updated : 2024-02-04 20:39


NVD link : CVE-2020-10235

Mitre link : CVE-2020-10235

CVE.ORG link : CVE-2020-10235


JSON object : View

Products Affected

froxlor

  • froxlor
CWE
CWE-116

Improper Encoding or Escaping of Output

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')