Information disclosure in Froxlor - #VU135772
Published: June 29, 2026
Froxlor
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in customer_email.php when rendering the sender-delete confirmation page with a supplied senderid value. A remote user can supply a foreign sender alias identifier to disclose sensitive information.
Only instances with mail.enable_allow_sender enabled are vulnerable.