// For flags

CVE-2018-1000527

 

Severity Score

7.2
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.

Froxlor en versiones iguales o anteriores a la 0.9.39.5 contiene una vulnerabilidad de inyección de objetos PHP en el nombre del dominio que puede resultar en una divulgación de información y en la ejecución remota de código. El ataque parece ser explotable pasando objetos PHP maliciosos en $_POST['ssl_ipandport']. La vulnerabilidad parece haber sido solucionada tras el commit con ID c1e62e6.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-06-01 CVE Reserved
  • 2018-06-26 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-09-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
URL Tag Source
https://0dd.zone/2018/05/31/Froxlor-Object-Injection Third Party Advisory
https://github.com/Froxlor/Froxlor/issues/555 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Froxlor
Search vendor "Froxlor"
 Froxlor
Search vendor "Froxlor" for product "Froxlor"
 <= 0.9.39.5
Search vendor "Froxlor" for product "Froxlor" and version " <= 0.9.39.5"
-
Affected