CVE-2023-50256 HIGH

CVE-2023-50256: Froxlor username/surname AND company field Bypass

Vendor Froxlor
Product Froxlor
Weakness CWE-20 · Input validation
Published January 3, 2024
Last update June 17, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.

Key dates

02 Disclosure timeline

January 3, 2024 CVE published
June 17, 2025 Record updated