CVE-2023-50256
HIGH 7.5
Description
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/3/2024
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
froxlor:froxlor
Weaknesses (CWE)
CWE-20
References
https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac (security-advisories@github.com)
https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4 (security-advisories@github.com)
https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4 (security-advisories@github.com)
https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4 (af854a3a-2127-422b-91ae-364da2661108)
https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.