froxlor — Vulnerabilities & Security Advisories (39)

Browse all 39 CVE security advisories affecting froxlor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Froxlor is an open-source web hosting control panel designed to automate the management of web, DNS, mail, and database services for system administrators. Its architecture, primarily built in PHP, has historically exposed it to a significant volume of security flaws, currently totaling 39 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls within its administrative interface. Privilege escalation remains a critical concern, allowing unauthenticated or low-privileged users to gain elevated system access. While no single catastrophic global incident has defined its history, the sheer number of disclosed CVEs indicates systemic weaknesses in code review and security hardening. Administrators relying on this platform must prioritize rigorous patch management and network segmentation to mitigate the risk of exploitation inherent in its long-standing codebase.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41233 | Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() | froxlor | CWE-863 | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41232 | Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing | froxlor | CWE-863 | 5.0 | Medium | 2026-04-23 |
| CVE-2026-41231 | Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron | froxlor | CWE-59 | 7.5 | High | 2026-04-23 |
| CVE-2026-41230 | Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() | froxlor | CWE-93 | 8.5 | High | 2026-04-23 |
| CVE-2026-41229 | Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) | froxlor | CWE-94 | 9.1 | Critical | 2026-04-23 |
| CVE-2026-41228 | Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution | froxlor | CWE-98 | 10.0 | Critical | 2026-04-23 |
| CVE-2026-30932 | Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API | froxlor | CWE-74 | 7.5 | - | 2026-03-24 |
| CVE-2026-26279 | Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection | Froxlor | CWE-78 | 9.1 | Critical | 2026-03-03 |
| CVE-2020-36978 | Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting | Froxlor Froxlor Server Management Panel | CWE-79 | 6.4 | Medium | 2026-01-27 |
| CVE-2025-48958 | Froxlor has an HTML Injection Vulnerability | Froxlor | CWE-79 | 5.5 | Medium | 2025-06-02 |
| CVE-2025-29773 | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover | Froxlor | CWE-287 | 5.8 | Medium | 2025-03-13 |
| CVE-2024-34070 | Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise | Froxlor | CWE-79 | 9.7 | Critical | 2024-05-10 |
| CVE-2023-50256 | Froxlor username/surname AND company field Bypass | Froxlor | CWE-20 | 7.5 | High | 2024-01-03 |
| CVE-2023-6069 | Improper Link Resolution Before File Access in froxlor/froxlor | froxlor/froxlor | CWE-59 | 9.9 | Critical | 2023-11-10 |
| CVE-2023-4829 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor | froxlor/froxlor | CWE-79 | 5.4 | - | 2023-10-13 |
| CVE-2023-5564 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor | froxlor/froxlor | CWE-79 | 5.4 | - | 2023-10-13 |
| CVE-2023-4304 | Business Logic Errors in froxlor/froxlor | froxlor/froxlor | CWE-840 | 3.8 | Low | 2023-08-11 |
| CVE-2023-3668 | Improper Encoding or Escaping of Output in froxlor/froxlor | froxlor/froxlor | CWE-116 | 8.3 | - | 2023-07-14 |
| CVE-2023-3192 | Session Fixation in froxlor/froxlor | froxlor/froxlor | CWE-384 | 7.6 | - | 2023-06-11 |
| CVE-2023-3173 | Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor | froxlor/froxlor | CWE-307 | 9.4 | - | 2023-06-09 |
| CVE-2023-3172 | Path Traversal in froxlor/froxlor | froxlor/froxlor | CWE-22 | 2.7 | - | 2023-06-09 |
| CVE-2023-2666 | Allocation of Resources Without Limits or Throttling in froxlor/froxlor | froxlor/froxlor | CWE-770 | 8.1 | - | 2023-05-12 |
| CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in froxlor/froxlor | froxlor/froxlor | CWE-434 | 9.9 | - | 2023-04-14 |
| CVE-2023-1307 | Authentication Bypass by Primary Weakness in froxlor/froxlor | froxlor/froxlor | CWE-305 | 9.8 | - | 2023-03-10 |
| CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor | froxlor/froxlor | CWE-352 | 7.1 | - | 2023-02-25 |
| CVE-2023-0877 | Code Injection in froxlor/froxlor | froxlor/froxlor | CWE-94 | 4.6 | - | 2023-02-17 |
| CVE-2023-0671 | Code Injection in froxlor/froxlor | froxlor/froxlor | CWE-94 | 4.6 | - | 2023-02-04 |
| CVE-2023-0566 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor | froxlor/froxlor | CWE-79 | 6.2 | Medium | 2023-01-29 |
| CVE-2023-0564 | Weak Password Requirements in froxlor/froxlor | froxlor/froxlor | CWE-521 | 5.4 | Medium | 2023-01-29 |
| CVE-2023-0565 | Business Logic Errors in froxlor/froxlor | froxlor/froxlor | CWE-840 | 5.5 | Medium | 2023-01-29 |

This page lists every published CVE security advisory associated with froxlor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.