CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-42325 – Froxlor 0.10.29.1 - SQL Injection (Authenticated)
https://notcve.org/view.php?id=CVE-2021-42325
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. Froxlor versiones hasta 0.10.29.1, permite una inyección SQL en el archivo Database/Manager/DbManagerMySQL.php por medio de un nombre de base de datos personalizado Froxlor version 0.10.2l9.1 suffers from a remote SQL injection vulnerability that can enable an attacker to achieve remote code execution. • https://www.exploit-db.com/exploits/50502 https://github.com/AK-blank/CVE-2021-42325- http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •