Image files uploaded in froxlor/froxlor prior to 2.0.14 were not properly validated which could result in remote code execution via path manipulation.
References:GSA_kwCzR0hTQS1xd3ZwLWc5ajctMjhmNs4AAyxG
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
packagist:froxlor/froxlor | < 2.0.14 | 2.0.14 | |
Affected Version RangesAll affected versions0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15, 0.10.16, 0.10.17, 0.10.18, 0.10.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23, 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33, 0.10.34, 0.10.35, 0.10.36, 0.10.37, 0.10.38, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13 All unaffected versions2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8 |