Shodan
Vulnerabilities
Vulnerable Software
Frangoteam:  >> Fuxa  Security Vulnerabilities
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.
CVSS Score
9.8
EPSS Score
0.044
Published
2026-02-03
CVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-03
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-02-03
CVE-2023-31717
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
CVSS Score
7.5
EPSS Score
0.314
Published
2023-09-22
CVE-2023-31718
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
CVSS Score
7.5
EPSS Score
0.382
Published
2023-09-22
CVE-2023-31719
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
CVSS Score
9.8
EPSS Score
0.659
Published
2023-09-22
CVE-2023-31716
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
CVSS Score
7.5
EPSS Score
0.371
Published
2023-09-22
CVE-2023-33831
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.934
Published
2023-09-18
CVE-2021-45851
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-03-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved