← Volver a CVEs

CVE-2020-10235

HIGH

8.8

Descripcion

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.

Detalles CVE

Puntuacion CVSS v3.18.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado3/9/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

froxlor:froxlor

Debilidades (CWE)

CWE-78CWE-116

Referencias

https://bugzilla.suse.com/show_bug.cgi?id=1165721(cve@mitre.org)

https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656(cve@mitre.org)

https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207(cve@mitre.org)

https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14(cve@mitre.org)

https://bugzilla.suse.com/show_bug.cgi?id=1165721(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.