Froxlor username/surname AND company field Bypass
CVE-2023-50256

7.5HIGH

Key Information:

Vendor

Froxlor

Status
Froxlor
Vendor
CVE Published:
3 January 2024

What is CVE-2023-50256?

Prior to version 2.1.2, Froxlor, an open source server administration software, exhibited an authentication bypass vulnerability. Attackers could submit the registration form without filling in essential fields like username and password, which allowed them to circumvent the mandatory requirements for fields such as surname and company name. This flaw compromises the integrity of user registration processes and could potentially allow unauthorized access to the system. The issue is resolved in version 2.1.2, which reinforces validation mechanisms to ensure all required fields are properly checked.

Affected Version(s)

Froxlor < 2.1.2

References

https://github.com/Froxlor/Froxlor/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/Froxlor/Froxlor/commit/4b1846883d48289...
x_refsource_MISC
https://user-images.githubusercontent.com/80028768/289675...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.