CVE-2021-42325

moderate-risk
Published 2021-10-12

Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.

Do I need to act?

~
5.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
50502
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Froxlor

References (6)

Third Party Advisory http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html
Patch https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe295857...
Third Party Advisory https://www.exploit-db.com/exploits/50502
Third Party Advisory http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html
Patch https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe295857...
Third Party Advisory https://www.exploit-db.com/exploits/50502
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal