CVE-2020-10236

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 0.10.14

Description An issue in the installation process of Froxlor allowed local attackers to cause denial of service (DoS) or disclose information from configuration files. This occurred when the installation directory was not writable, resulting in files being created with static names in the /tmp directory. The createUserdataConf function in install/lib/class.FroxlorInstall.php was involved in this issue.

Recommendations For versions prior to 0.10.14, update to version 0.10.14 or later to resolve the issue. As a temporary workaround, consider restricting write access to the /tmp directory or ensuring the installation directory is writable to minimize the risk of exploitation.