CVE-2023-0315

HIGH

froxlor/froxlor <2.0.8 - Command Injection

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-0315. PoCs were published by Askar, mhaskar and jheysel-r7, including the Metasploit module exploits/linux/http/froxlor_log_path_rce.

AI-analyzed exploit summary: This exploit targets CVE-2023-0315 in Froxlor 2.0.3, achieving remote code execution by manipulating the logging path to inject a malicious Twig template. It establishes a reverse shell via netcat after authentication.

Description

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.

Exploits (3)

exploitdb WORKING POC
by Askar · python · webapps · php
https://www.exploit-db.com/exploits/51263

This exploit targets CVE-2023-0315 in Froxlor 2.0.3, achieving remote code execution by manipulating the logging path to inject a malicious Twig template. It establishes a reverse shell via netcat after authentication.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Froxlor 2.0.3
Auth required
Prerequisites: Valid admin credentials · Network access to the target · PHP 8.2 environment
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 7 stars
by mhaskar · poc
https://github.com/mhaskar/CVE-2023-0315

This is a functional exploit for CVE-2023-0315, targeting Froxlor 2.0.3. It leverages authenticated RCE by manipulating the logging path to inject a malicious Twig template, which executes a reverse shell payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Froxlor 2.0.3
Auth required
Prerequisites: Valid Froxlor admin credentials · Network access to the target · Listener setup for reverse shell
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Askar, jheysel-r7 · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/froxlor_log_path_rce.rb

This Metasploit module exploits CVE-2023-0315 in Froxlor v2.0.7 and below by leveraging an authenticated log path manipulation vulnerability to achieve remote command execution via Twig template injection.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Froxlor v2.0.7 and below
Auth required
Prerequisites: Valid credentials for Froxlor admin panel · Write access to webroot directory
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 8.8
EPSS 0.8913
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (2)
froxlor/froxlor < 2.0.8
froxlor/froxlor 0 - 2.0.8 · Packagist
Published Jan 16, 2023
Tracked Since Feb 18, 2026