{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T03:02:57.677","vulnerabilities":[{"cve":{"id":"CVE-2018-1000527","sourceIdentifier":"cve@mitre.org","published":"2018-06-26T16:29:01.663","lastModified":"2024-11-21T03:40:07.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6."},{"lang":"es","value":"Froxlor en versiones iguales o anteriores a la 0.9.39.5 contiene una vulnerabilidad de inyección de objetos PHP en el nombre del dominio que puede resultar en una divulgación de información y en la ejecución remota de código. El ataque parece ser explotable pasando objetos PHP maliciosos en $_POST['ssl_ipandport']. La vulnerabilidad parece haber sido solucionada tras el commit con ID c1e62e6."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.39.5","matchCriteriaId":"7BDEE295-B7DC-440B-851A-E63FD81F79A8"}]}]}],"references":[{"url":"https://0dd.zone/2018/05/31/Froxlor-Object-Injection/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/Froxlor/Froxlor/issues/555","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://0dd.zone/2018/05/31/Froxlor-Object-Injection/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/Froxlor/Froxlor/issues/555","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}