Lxcenter Kloxo vulnerabilities
2 known vulnerabilities affecting lxcenter/kloxo.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2014-125123 | P1 | CRITICAL | CVSS 10.0 | CWE-89 | Exploited | PoC | fixed in 6.1.12 | 2025-07-31
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the administrator’s password from the backend database. Af
nvd
CVE-2012-10022 | P3 | HIGH | CVSS 8.5 | CWE-269 | PoC | ≤ 6.1.12 | 2025-08-01
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to roo
nvd