Lucene search
Veracode Vulnerability DatabaseVERACODE:38952HistoryJan 21, 2023 - 9:15 a.m.
Command Injection
2023-01-2109:15:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
froxlor command injection arbitrary file write template remote code execution vulnerability twig template software
0.54 Medium
EPSS
Percentile
97.6%
froxlor/froxlor is vulnerable to Command Injection. The vulnerability is due to an Arbitrary File Write in the logging module which allows an attacker to overwrite an arbitrary file, and Template Injection. A remote authenticated attacker can chain these vulnerabilities together, resulting in Remote Code Execution by overwriting a twig template.
| CPE | Name | Operator | Version |
|---|---|---|---|
| froxlor/froxlor | le | 2.0.7 | |
| froxlor/froxlor | le | 2.0.7 |
References
packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html
packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html
github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a
huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943
huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943/
Related
cvelist
cvelist
CVE-2023-0315 Command Injection in froxlor/froxlor
2023-01-16 00:00:00
github
github
Froxlor vulnerable to Command Injection
2023-01-16 03:30:25
packetstorm
packetstorm
Froxlor 2.0.3 Stable Remote Code Execution
2023-04-06 00:00:00
Froxlor 2.0.6 Remote Command Execution
2023-02-23 00:00:00
nvd
nvd
CVE-2023-0315
2023-01-16 01:15:08
githubexploit
githubexploit
Exploit for Command Injection in Froxlor
2023-01-29 21:20:26
huntr
huntr
osv
osv
Froxlor vulnerable to Command Injection
2023-01-16 03:30:25
CVE-2023-0315
2023-01-16 01:15:08
prion
prion
Command injection
2023-01-16 01:15:00
zdt
zdt
Froxlor 2.0.3 Stable - Remote Code Execution Exploit
2023-04-05 00:00:00
Froxlor 2.0.6 Remote Command Execution Exploit
2023-02-27 00:00:00
cve
cve
CVE-2023-0315
2023-01-16 01:15:08
exploitdb
exploitdb
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
2023-04-05 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2023-02-24 20:08:11