CVE-2022-3869
Published 2022-11-05
CVE-2022-3869: Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
Priority P3 · 37 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.26% (66.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| froxlor | froxlor | < 0.10.38.2 | 0.10.38.2 |
| froxlor | froxlor | >= 0 < 0.10.38.2 | 0.10.38.2 |
| froxlor | froxlor_froxlor | >= unspecified < 0.10.38.2 | 0.10.38.2 |
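CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |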
GHSA
Froxlor vulnerable to code injection
ghsa·2022-11-05
CVE-2022-3869 [MEDIUM] CWE-79 Froxlor vulnerable to code injection
Code Injection in GitHub repository froxlor/froxlor prior to version 0.10.38.2. There are currently no known workarounds; please upgrade to version 0.10.38.2.
OSV
Froxlor vulnerable to code injection
osv·2022-11-05
CVE-2022-3869 [MEDIUM] Froxlor vulnerable to code injection
Code Injection in GitHub repository froxlor/froxlor prior to version 0.10.38.2. There are currently no known workarounds; please upgrade to version 0.10.38.2.
No detection rules found.
Nuclei
Froxlor < 0.10.38.2. - HTML Injection
nuclei·CVSS 6.1
CVE-2022-3869 [MEDIUM] Froxlor < 0.10.38.2. - HTML Injection
Froxlor TEST"
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - 'The message to "">TEST" failed'
  - type: word
    part: header
    words:
      - "text/html"
  - type: status
    status:
      - 200
# digest: 4a0a00473045022100f7d9f6ec4058de357b312e537d391120a7b8ea7d02b0374c66058ecdb04103f20220784434433878b54b46f9e2a1f3188bfb49e6d1e8a98feaf86b6394abed82b7e7:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Published: 2022-11-05