Vulnerabilities > Froxlor > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-09 | CVE-2023-3173 | Improper Restriction of Excessive Authentication Attempts vulnerability in Froxlor: Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | 9.8 |
2023-03-10 | CVE-2023-1307 | Unspecified vulnerability in Froxlor: Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | 9.8 |
2021-10-12 | CVE-2021-42325 | SQL Injection vulnerability in Froxlor: Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | 9.8 |
2017-09-06 | CVE-2015-5959 | Information Exposure vulnerability in Froxlor: Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | 9.8 |
2017-02-13 | CVE-2016-5100 | Use of Insufficiently Random Values vulnerability in Froxlor: Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | 9.8 |