CVE-2023-50256

HIGH

Froxlor < 2.1.2 - Improper Input Validation

Title source: rule

Description

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.

Scores

CVSS v3 7.5
EPSS 0.0006
EPSS Percentile 18.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (2)
froxlor/froxlor < 2.1.2
froxlor/froxlor 0 - 2.1.2 (Packagist)
Published Jan 03, 2024
Tracked Since Feb 18, 2026