The host is installed with Froxlor 0.10.28 through 0.10.29.1 and is prone to a SQL injection vulnerability. A flaw is present in the application, which fails to handle an issue in Database/Manager/DbManagerMySQL.php file. Successful exploitation allow attackers to escalate privilege by creating a Froxlor administrator account and use it to execute code remotely as root on the target machine.