Froxlor server administration software contains a privilege escalation vulnerability prior to version 2.3.6. The DataDump.add() function constructs export destination paths from user input without proper symlink validation, bypassing security controls added for CVE-2023-6069. When ExportCron runs as root, it executes 'chown -R' on resolved symlink targets, allowing customers to take ownership of arbitrary system directories. This represents a complete system compromise scenario where unprivileged users can escalate to root-level access through symlink manipulation.