CVE-2021-42325

Description

Froxlor through 0.10.29.1 allows SQL injection in `Database/Manager/DbManagerMySQL.php` via a custom DB name.

How to fix CVE-2021-42325

To remediate CVE-2021-42325, upgrade the affected package to a fixed version below.

• Packagist/froxlor/froxlor—upgrade to 0.10.30 or later

Is CVE-2021-42325 being exploited?

Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.10.30

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-42325
• PATCHgithub.com/Froxlor/Froxlor
• WEBpacketstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html
• WEBgithub.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782