SQL injection vulnerability in Froxlor - CVE-2021-42325 (dpkg)ID: oval:org.secpod.oval:def:78001 | Date: (C)2022-03-03 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Froxlor 0.10.28 through 0.10.29.1 and is prone to a SQL injection vulnerability. A flaw is present in the application, which fails to handle an issue in Database/Manager/DbManagerMySQL.php file. Successful exploitation allow attackers to escalate privilege by creating a Froxlor administrator account and use it to execute code remotely as root on the target machine.