CVE-2023-50256

Published: Jan 3, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.

Affected (1)

Products: Froxlor: Froxlor

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Froxlor Froxlor	Before 2.1.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac

Source: security-advisories@github.com

Patch

https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4

Source: security-advisories@github.com

ExploitVendor Advisory

https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4

Source: security-advisories@github.com

Exploit

https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.