Project repository

froxlor / froxlor

The server administration software for your needs - The official Froxlor development Git repository

Submit a report

FIRST INTERACTION

WITHIN1 DAY

REVIEW

WITHIN11 DAYS

FIX

WITHIN23 DAYS

froxlor

Absence of rate limit on "API-key" creation on admin login

Oct 15th 2023

not applicable

froxlor

Privilege escalation via symbolic link

Nov 10th 2023

Critical

•$60

Critical

•$60•CVE-2023-6069

froxlor

Stored HTML injection

Sep 29th 2023

duplicate

Medium

froxlor

SQL Database Error could lead to SQL Injection with internal Path Disclosure

Oct 2nd 2023

not applicable

froxlor

Stored HTML injection

Sep 10th 2023

duplicate

Medium

froxlor

Stored HTML injection

Sep 8th 2023

Medium

Medium

•CVE-2023-4829

froxlor

HTML injection Leads to Open redirection

Oct 13th 2023

Medium

Medium

•CVE-2023-5564

froxlor

Business Logic Error - letting the Name Field blank

Aug 11th 2023

Low

Low

•CVE-2023-4304

froxlor

Uncaught Error while deleteing the default Backup File

Aug 31st 2023

not applicable

froxlor

SQL Errors with multiple internal Path Disclosures while deleting a Backup File

Aug 31st 2023

not applicable

froxlor

stored HTML Injection in the Backup Section

Aug 31st 2023

not applicable

froxlor

Remote Command Execution by Improper Escaping of Output

Jul 14th 2023

Critical

•$60

Critical

•$60•CVE-2023-3668

froxlor

Command Injection in "php-fpm restart command"

Jun 20th 2023

duplicate

High

froxlor

Insufficient Session Expiration in https://demo.froxlor.org/

Nov 18th 2023

self closed

froxlor

PHPSESSID is not renewed after user login

Jun 11th 2023

uonghoangminhchau•

duplicate

Low

froxlor

File Path Traversal Vulnerability

Jun 9th 2023

Medium

Medium

•CVE-2023-3172

froxlor

Using incorrect regex to filter OS command leads to RCE

May 5th 2023

duplicate

Critical

froxlor

Froxlor Brute Force on Current Password Field Lead to Account Takeover Due to La...

Apr 21st 2023

phyowathonewin•

duplicate

High

froxlor

Authentication Bypass and Weakness security

Apr 25th 2023

informative

High

froxlor

2FA Bypass by Brute Force

Jun 9th 2023

Critical

•$60

Critical

•$60•CVE-2023-3173

froxlor

.Git file exposed.

Mar 17th 2023

informative

High

froxlor

Remote Code Execution Vulnerability Through Unrestrict File Write

Apr 14th 2023

Critical

•$60

Critical

•$60•CVE-2023-2034

froxlor

Authentication Bypass for users with MD5 password hash

Mar 10th 2023

Critical

•$60

Critical

•$60•CVE-2023-1307

froxlor

No Rate Limit On Reset Password

May 12th 2023

Medium

Medium

•CVE-2023-2666

froxlor

Arbitrary File Deletion

Feb 7th 2023

duplicate

High

froxlor

Remote Code Execution in "Import Settings" feature

Feb 17th 2023

Critical

•$60

Critical

•$60•CVE-2023-0877

froxlor

Feb 7th 2023

duplicate

Medium

froxlor

Session Fixation in https://demo.froxlor.org/

Jun 11th 2023

Medium

Medium

•CVE-2023-3192

froxlor

CSRF in all endpoints of /lib/ajax.php by Changing the request method to GET

Feb 25th 2023

Medium

Medium

•CVE-2023-1033

froxlor

strong Password Policy Bypass through a Space

Jan 28th 2023

self closed

froxlor

weak Password Policy Directory Protection

Jan 29th 2023

Medium

Medium

•CVE-2023-0564

froxlor

Language Dropdown Menu Manipulation

Jan 29th 2023

Medium

Medium

•CVE-2023-0565

froxlor

SQL Database Error could lead to SQL Injection with internal Path Disclosure

Jan 29th 2023

Medium

Medium

•CVE-2023-0572

froxlor

Dropdown Menu Manipulation leads to stored HTML Injection

Jan 29th 2023

Medium

Medium

•CVE-2023-0566

froxlor

Stored HTML Injection

Jan 28th 2023

informative

Medium

froxlor

Privilege Escalation from customer to root

Feb 4th 2023

Critical

•$60

Critical

•$60•CVE-2023-0671

froxlor

Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side...

Jan 16th 2023

High

•$30

High

•$30•CVE-2023-0315

froxlor

Get based CSRF on Reset OP Cache functionality

Dec 31st 2022

Low

Low

•CVE-2022-4867

froxlor

Reseller role allowed to access to admin functionalities

Dec 31st 2022

Medium

Medium

•CVE-2022-4868

froxlor

Authenticated HTMLi via theme parameter on /lib/ajax.php

Dec 30th 2022

Medium

Medium

•CVE-2022-4864

froxlor

Client side restriction bypass on upload image file in settings

Dec 30th 2022

informative

Medium

froxlor

Html injection on admin_settings.php through part parameter

Jan 27th 2023

informative

Medium

froxlor

Local File Read through Improper Filename Validation

Jan 16th 2023

Medium

Medium

•CVE-2023-0316

froxlor

Authenticated Unrestricted Import Settings Lead to RCE

Dec 30th 2022

not applicable

froxlor

CSRF to change admin users password

Jan 28th 2023

uonghoangminhchau•

informative

Medium

froxlor

Improper validation in using of services commands

Dec 27th 2022

informative

High

froxlor

Cron execution command field allows attackers with admin privilege to execute OS...

Dec 21st 2022

High

•$30

High

•$30

froxlor

Unintended API key generation

Dec 3rd 2022

Medium

Medium

froxlor

froxlor/froxlor <= 0.10.38.2 - Authenticated Unrestricted File Upload to RCE

Dec 3rd 2022

High

High

froxlor

Username and email enumeration via Forgot password feature

Dec 3rd 2022

Medium

Medium

froxlor

CSRF on SSL certificates deletion

Dec 3rd 2022

High

High

froxlor

Html Injection Reflected in Login Page

Nov 5th 2022

Medium

Medium

•CVE-2022-3869

froxlor

Html Injection Stored in edit customers

Nov 4th 2022

High

High

•CVE-2022-3721

froxlor

CSRF on deleting an API key

Aug 27th 2022

Medium

Medium

•CVE-2022-3017

froxlor

Use of a Broken or Risky Cryptographic Algorithm

Oct 2nd 2021

michaellrowley•

High

High

froxlor

External Control of File Name or Path

Aug 25th 2021

High

•$25

High

•$25

froxlor

Sensitive Cookie Without 'HttpOnly' Flag

Aug 25th 2021

Medium

•$25

Medium

•$25

froxlor

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Aug 25th 2021

Medium

•$25

Medium

•$25

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0

huntr: froxlor/froxlor