Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMetasploit1337DAY-ID-38222
HistoryFeb 27, 2023 - 12:00 a.m.

Froxlor 2.0.6 Remote Command Execution Exploit

2023-02-2700:00:00
metasploit
0day.today
235
froxlor version 2.0.6
remote command execution
security exploit

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.54 Medium

EPSS

Percentile

97.6%

JSON

Froxlor versions 2.0.6 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application will render. That leads to remote command execution under the user www-data.

Related

cvelist 1
github 1
packetstorm 2
nvd 1
veracode 1
githubexploit 1
huntr 1
osv 2
prion 1
zdt 1
cve 1
exploitdb 1
rapid7blog 1
cvelist
cvelist
CVE-2023-0315 Command Injection in froxlor/froxlor
2023-01-16 00:00:00
github
github
Froxlor vulnerable to Command Injection
2023-01-16 03:30:25
packetstorm
packetstorm
Froxlor 2.0.3 Stable Remote Code Execution
2023-04-06 00:00:00
Froxlor 2.0.6 Remote Command Execution
2023-02-23 00:00:00
nvd
nvd
CVE-2023-0315
2023-01-16 01:15:08
veracode
veracode
Command Injection
2023-01-21 09:15:01
githubexploit
githubexploit
Exploit for Command Injection in Froxlor
2023-01-29 21:20:26
huntr
huntr
Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side Template Injection
2023-01-11 01:34:30
osv
osv
Froxlor vulnerable to Command Injection
2023-01-16 03:30:25
CVE-2023-0315
2023-01-16 01:15:08
prion
prion
Command injection
2023-01-16 01:15:00
zdt
zdt
Froxlor 2.0.3 Stable - Remote Code Execution Exploit
2023-04-05 00:00:00
cve
cve
CVE-2023-0315
2023-01-16 01:15:08
exploitdb
exploitdb
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
2023-04-05 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2023-02-24 20:08:11

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.54 Medium

EPSS

Percentile

97.6%

JSON
Related for 1337DAY-ID-38222
cvelist1github1packetstorm2nvd1veracode1githubexploit1huntr1osv2prion1zdt1cve1exploitdb1rapid7blog1