pkg:Packagist/froxlor/froxlor

50 CVEs in total: CRITICAL 11, HIGH 15, MEDIUM 22, LOW 1

All known vulnerabilities

  • CRITICAL 9.9 CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution
    from 0, < 2.3.6
  • CRITICAL 9.9 CVE-2023-6069 Froxlor Improper Input Validation vulnerability
    from 0, < 2.1.0-beta1
  • CRITICAL 9.8 CVE-2023-3173 Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
    from 0, < 2.0.20
  • CRITICAL 9.8 CVE-2023-1307 Froxlor is vulnerable to authentication bypass
    from 0, < 2.0.13
  • CRITICAL 9.8 CVE-2021-42325 Froxlor SQL injection vulnerability
    from 0, < 0.10.30
  • CRITICAL 9.8 CVE-2016-5100 Froxlor guessable password reset token
    from 0, < 0.9.35
  • CRITICAL 9.6 CVE-2024-34070 Blind XSS Leading to Froxlor Application Compromise
    from 0, < 2.1.9
  • CRITICAL 9.1 CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
    from 0, < 2.3.6
  • CRITICAL 9.1 CVE-2026-26279 Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
    from 0, < 2.3.4
  • CRITICAL 9.1 CVE-2023-3668 Froxlor vulnerable to Improper Encoding or Escaping of Output
    from 0, < 2.0.21
  • CRITICAL 9.1 CVE-2023-2034 froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
    from 0, < 2.0.14
  • HIGH 8.8 CVE-2026-41236 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
    >= 2.3.6, < 2.3.7
  • HIGH 8.8 CVE-2026-41235 Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement
    >= 2.3.6, < 2.3.7
  • HIGH 8.8 CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
    from 0, < 2.3.5
  • HIGH 8.8 CVE-2023-1033 Froxlor Cross-Site Request Forgery vulnerability
    from 0, < 2.0.11
  • HIGH 8.8 CVE-2023-0877 Code Injection in froxlor/froxlor
    from 0, < 2.0.11
  • HIGH 8.8 CVE-2023-0671 froxlor is vulnerable to privilege escalation from customer to root via directory-options
    from 0, < 2.0.10
  • HIGH 8.8 CVE-2023-0315 Froxlor vulnerable to Command Injection
    from 0, < 2.0.8
  • HIGH 8.8 CVE-2020-10235 Froxlor arbitrary code execution via the database configuration options
    from 0, < 0.10.14
  • HIGH 8.5 CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()
    from 0, < 2.3.6
  • HIGH 7.5 CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron
    from 0, < 2.3.6
  • HIGH 7.5 CVE-2023-50256 Froxlor username/surname AND company field Bypass
    from 0, < 2.1.2
  • HIGH 7.5 CVE-2023-0564 Froxlor contains Weak Password Requirements
    from 0, < 2.0.10
  • HIGH 7.5 CVE-2018-12642 Froxlor Incorrect Access Control
    from 0, < 0.9.40
  • HIGH 7.2 CVE-2023-3172 Froxlor vulnerable to Path Traversal
    from 0, < 2.0.20
  • HIGH 7.2 CVE-2018-1000527 Froxlor PHP Object Injection vulnerability
    from 0, < 0.9.40
  • MEDIUM 6.5 CVE-2023-2666 Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
    from 0, < 2.0.16
  • MEDIUM 6.5 CVE-2022-3017 Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
    from 0, < 0.10.38
  • MEDIUM 6.1 CVE-2022-3869 Froxlor vulnerable to code injection
    from 0, < 0.10.38.2
  • MEDIUM 6.1 CVE-2020-10236 Froxlor Information Disclosure
    from 0, < 0.10.14
  • MEDIUM 6.1 CVE-2020-29653 HTML Injection in Froxlor
    from 0, <= 0.10.22
  • MEDIUM 5.8 CVE-2025-29773 Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover
    from 0, < 2.2.6
  • MEDIUM 5.5 CVE-2025-48958 Froxlor has an HTML Injection Vulnerability
    from 0, < 2.2.6
  • MEDIUM 5.5 CVE-2023-0316 Froxlor is vulnerable to path traversal
    from 0, < 2.0.0
  • MEDIUM 5.5 CVE-2020-10237 Froxlor Exposure of Sensitive Information to an Unauthorized Actor
    from 0, <= 0.10.15
  • MEDIUM 5.4 CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()
    from 0, < 2.3.6
  • MEDIUM 5.4 CVE-2023-3192 Froxlor Session Fixation vulnerability
    from 0, < 2.1.0
  • MEDIUM 5.4 CVE-2022-4864 Froxlor vulnerable to Argument Injection
    >= 2.0.0-beta0, < 2.0.0-beta1
  • MEDIUM 5.4 CVE-2020-28957 Froxlor cross-site scripting (XSS) vulnerability
  • MEDIUM 5.3 CVE-2023-0572 Froxlor contains Unchecked Error Condition
    from 0, < 2.0.10
  • MEDIUM 5.0 CVE-2026-41232 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing
    from 0, < 2.3.6
  • MEDIUM 4.9 CVE-2023-0565 Froxlor contains Business Logic Errors
    from 0, < 2.0.10
  • MEDIUM 4.8 CVE-2023-4829 Cross-site Scripting (XSS) in froxlor/froxlor
    from 0, < 2.0.22
  • MEDIUM 4.8 CVE-2023-5564 Cross-site Scripting (XSS) in froxlor/froxlor
    from 0, < 2.1.0-dev1
  • MEDIUM 4.8 CVE-2023-0566 Froxlor contains Static Code Injection
    from 0, < 2.0.10
  • MEDIUM 4.6 CVE-2022-3721 Froxlor vulnerable to Code Injection
    from 0, < 0.10.39
  • MEDIUM 4.3 CVE-2022-4868 Froxlor Improper Authorization vulnerability
    >= 2.0.0-beta0, < 2.0.0-beta1
  • MEDIUM 4.3 CVE-2022-4867 Froxlor vulnerable to Cross-Site Request Forgery
    >= 2.0.0-beta0, < 2.0.0-beta1
  • LOW 3.8 CVE-2023-4304 Froxlor vulnerable to business logic errors
    from 0, < 2.0.22
  • CVE-2026-41237 Froxlor has an incomplete fix for CVE-2026-30932
    from 0, < 2.3.7