CVE-2018-1000527

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 0.9.39.5

Description The issue concerns a PHP Object Injection vulnerability in the Domain name form, potentially leading to information disclosure and remote code execution. This can be exploited by passing malicious PHP objects in the $ POST['ssl ipandport'] variable.

Recommendations For versions prior to 0.9.39.5, update to a version that includes the fix committed after c1e62e6 to resolve the issue. As a temporary workaround, consider restricting access to the Domain name form to minimize the risk of exploitation. Avoid using the $ POST['ssl ipandport'] variable in the affected form until the issue is resolved.