CVE-2020-10235: Improper Input Validation

March 9, 2020 (updated July 21, 2021)

An issue was discovered in Froxlor. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, the flaw exists in _backupExistingDatabase of the install/lib/class.FroxlorInstall.php file.

References

bugzilla.suse.com/show_bug.cgi?id=1165721
nvd.nist.gov/vuln/detail/CVE-2020-10235

Code Behaviors & Features

Detect and mitigate CVE-2020-10235 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →