Lucene search

Fuxa Security Vulnerabilities

cve

CVE-2021-45851

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

7.5CVSS

7.5AI Score

0.002EPSS

2022-03-16 10:15 AM

cve

CVE-2023-31716

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log

7.5CVSS

7.5AI Score

0.001EPSS

2023-09-22 12:15 AM

cve

CVE-2023-31717

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

7.5CVSS

7.8AI Score

0.001EPSS

2023-09-22 12:15 AM

cve

CVE-2023-31718

FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.

7.5CVSS

7.5AI Score

0.001EPSS

2023-09-22 12:15 AM

2422

cve

CVE-2023-31719

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

9.8CVSS

9.8AI Score

0.001EPSS

2023-09-22 12:15 AM

2418

cve

CVE-2023-33831

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.

9.8CVSS

9.6AI Score

0.182EPSS

2023-09-18 08:15 PM

2423