Vulnerabilities > Froxlor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2020-10237 | Race Condition vulnerability in Froxlor An issue was discovered in Froxlor through 0.10.15. | 5.5 |
| 2020-03-09 | CVE-2020-10236 | Improper Input Validation vulnerability in Froxlor An issue was discovered in Froxlor before 0.10.14. | 6.1 |
| 2020-03-09 | CVE-2020-10235 | Improper Encoding or Escaping of Output vulnerability in Froxlor An issue was discovered in Froxlor before 0.10.14. | 8.8 |
| 2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. | 7.2 |
| 2018-06-22 | CVE-2018-12642 | Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | 7.5 |
| 2017-09-06 | CVE-2015-5959 | Information Exposure vulnerability in Froxlor Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | 9.8 |
| 2017-02-13 | CVE-2016-5100 | Use of Insufficiently Random Values vulnerability in Froxlor Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | 9.8 |