CVE-2020-10235: Improper Input Validation
An issue was discovered in Froxlor. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options, which were passed unescaped to exec. The flaw exists in _backupExistingDatabase of the install/lib/class.FroxlorInstall.php file.
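The flaw class described above and its fix, as an added example that is not Froxlor's code: the function names, array keys, choice of a mysqldump command line and all sample values are assumptions made for illustration. It only builds and prints command strings; nothing is executed.

```php
<?php
// Added illustration, not Froxlor's code. Names and values are constructed.

// Constructed stand-in for values posted to an installer form.
$cfg = [
    'db_host' => 'localhost',
    'db_user' => 'root',
    'db_pass' => "pa'ss; word", // quotes and metacharacters are legal in passwords
    'db_name' => 'froxlor',
];
$outFile = '/tmp/froxlor_backup.sql';

// Weak pattern: form values concatenated into one shell command line.
// A quote or metacharacter in any field changes how the shell parses it.
function buildCommandUnescaped(array $c, string $out): string
{
    return "mysqldump -h {$c['db_host']} -u {$c['db_user']} "
         . "--password='{$c['db_pass']}' --result-file=$out {$c['db_name']}";
}

// Allowlist for identifier-like fields: no whitespace, no shell
// metacharacters, and no leading '-' that could be read as an option.
function assertIdentifier(string $field, string $value): void
{
    if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$/', $value)) {
        throw new InvalidArgumentException("invalid characters in $field");
    }
}

// Hardened pattern: validate identifiers, then quote every value so the
// shell receives each one as exactly one argument.
function buildCommandEscaped(array $c, string $out): string
{
    foreach (['db_host', 'db_user', 'db_name'] as $k) {
        assertIdentifier($k, $c[$k]);
    }
    return 'mysqldump'
         . ' -h ' . escapeshellarg($c['db_host'])
         . ' -u ' . escapeshellarg($c['db_user'])
         . ' --password=' . escapeshellarg($c['db_pass'])
         . ' --result-file=' . escapeshellarg($out)
         . ' ' . escapeshellarg($c['db_name']);
}

echo "unescaped: ", buildCommandUnescaped($cfg, $outFile), PHP_EOL;
echo "escaped:   ", buildCommandEscaped($cfg, $outFile), PHP_EOL;
```

In the escaped output the password stays inside a single quoted argument, while in the unescaped output its embedded quote ends the argument early.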