Martin Cernac

**Name of the Vulnerable Software and Affected Versions** Froxlor versions 0.10.28 through 0.10.29.1 **Description** The issue allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. This can potentially lead to remote code execution (RCE). **Recommendations** For versions 0.10.28 through 0.10.29.1, consider disabling the custom DB name feature in Database/Manager/DbManagerMySQL.php until a patch is available. Restrict access to the Database/Manager/DbManagerMySQL.php file to minimize the risk of exploitation. Avoid using custom DB names in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.