Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security.
This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Froxlor Froxlor
cpe:2.3:a:froxlor:froxlor:2.2.5:*:*:*:*:*:*:*
|
— | — |
References 3
https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b…
security-advisories@github.com
https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f
security-advisories@github.com
https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ
security-advisories@github.com