Frangoteam: Security Vulnerabilities
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
CVSS Score
7.5
EPSS Score
0.308
Published
2023-09-22
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
CVSS Score
7.5
EPSS Score
0.099
Published
2023-09-22
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
CVSS Score
9.8
EPSS Score
0.655
Published
2023-09-22
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
CVSS Score
7.5
EPSS Score
0.371
Published
2023-09-22
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.934
Published
2023-09-18
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-03-16