froxlor — Vulnerabilities & Security Advisories (39)

Browse all 39 CVE security advisories affecting froxlor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Froxlor is an open-source web hosting control panel designed to automate the management of web, DNS, mail, and database services for system administrators. Its architecture, primarily built in PHP, has historically exposed it to a significant volume of security flaws, currently totaling 39 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls within its administrative interface. Privilege escalation remains a critical concern, allowing unauthenticated or low-privileged users to gain elevated system access. While no single catastrophic global incident has defined its history, the sheer number of disclosed CVEs indicates systemic weaknesses in code review and security hardening. Administrators relying on this platform must prioritize rigorous patch management and network segmentation to mitigate the risk of exploitation inherent in its long-standing codebase.

Found 26 results / 39

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-6069 | Improper Link Resolution Before File Access in froxlor/froxlor — froxlor/froxlor (CWE-59) | 9.9 | Critical | 2023-11-10 |
| CVE-2023-4829 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor — froxlor/froxlor (CWE-79) | 5.4 | - | 2023-10-13 |
| CVE-2023-5564 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor — froxlor/froxlor (CWE-79) | 5.4 | - | 2023-10-13 |
| CVE-2023-4304 | Business Logic Errors in froxlor/froxlor — froxlor/froxlor (CWE-840) | 3.8 | Low | 2023-08-11 |
| CVE-2023-3668 | Improper Encoding or Escaping of Output in froxlor/froxlor — froxlor/froxlor (CWE-116) | 8.3 | - | 2023-07-14 |
| CVE-2023-3192 | Session Fixation in froxlor/froxlor — froxlor/froxlor (CWE-384) | 7.6 | - | 2023-06-11 |
| CVE-2023-3172 | Path Traversal in froxlor/froxlor — froxlor/froxlor (CWE-22) | 2.7 | - | 2023-06-09 |
| CVE-2023-3173 | Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor — froxlor/froxlor (CWE-307) | 9.4 | - | 2023-06-09 |
| CVE-2023-2666 | Allocation of Resources Without Limits or Throttling in froxlor/froxlor — froxlor/froxlor (CWE-770) | 8.1 | - | 2023-05-12 |
| CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in froxlor/froxlor — froxlor/froxlor (CWE-434) | 9.9 | - | 2023-04-14 |
| CVE-2023-1307 | Authentication Bypass by Primary Weakness in froxlor/froxlor — froxlor/froxlor (CWE-305) | 9.8 | - | 2023-03-10 |
| CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor — froxlor/froxlor (CWE-352) | 7.1 | - | 2023-02-25 |
| CVE-2023-0877 | Code Injection in froxlor/froxlor — froxlor/froxlor (CWE-94) | 4.6 | - | 2023-02-17 |
| CVE-2023-0671 | Code Injection in froxlor/froxlor — froxlor/froxlor (CWE-94) | 4.6 | - | 2023-02-04 |
| CVE-2023-0572 | Unchecked Error Condition in froxlor/froxlor — froxlor/froxlor (CWE-391) | 5.3 | Medium | 2023-01-29 |
| CVE-2023-0566 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor — froxlor/froxlor (CWE-79) | 6.2 | Medium | 2023-01-29 |
| CVE-2023-0565 | Business Logic Errors in froxlor/froxlor — froxlor/froxlor (CWE-840) | 5.5 | Medium | 2023-01-29 |
| CVE-2023-0564 | Weak Password Requirements in froxlor/froxlor — froxlor/froxlor (CWE-521) | 5.4 | Medium | 2023-01-29 |
| CVE-2023-0316 | Path Traversal: '\..\filename' in froxlor/froxlor — froxlor/froxlor (CWE-29) | 6.5 | - | 2023-01-16 |
| CVE-2023-0315 | Command Injection in froxlor/froxlor — froxlor/froxlor (CWE-77) | 8.8 | - | 2023-01-16 |
| CVE-2022-4868 | Improper Authorization in froxlor/froxlor — froxlor/froxlor (CWE-285) | 4.3 | - | 2022-12-31 |
| CVE-2022-4867 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor — froxlor/froxlor (CWE-352) | 4.3 | - | 2022-12-31 |
| CVE-2022-4864 | Argument Injection in froxlor/froxlor — froxlor/froxlor (CWE-88) | 7.6 | - | 2022-12-30 |
| CVE-2022-3869 | Code Injection in froxlor/froxlor — froxlor/froxlor (CWE-94) | 4.6 | - | 2022-11-05 |
| CVE-2022-3721 | Code Injection in froxlor/froxlor — froxlor/froxlor (CWE-94) | 4.6 | - | 2022-11-04 |
| CVE-2022-3017 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor — froxlor/froxlor (CWE-352) | 7.1 | - | 2022-08-28 |

This page lists every published CVE security advisory associated with froxlor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.