Vulnerabilities (CVE)

Filtered by vendor Frangoteam Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33831 1 Frangoteam 1 Fuxa 2024-11-21 N/A 9.8 CRITICAL
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2023-31719 1 Frangoteam 1 Fuxa 2024-11-21 N/A 9.8 CRITICAL
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
CVE-2023-31718 1 Frangoteam 1 Fuxa 2024-11-21 N/A 7.5 HIGH
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
CVE-2023-31717 1 Frangoteam 1 Fuxa 2024-11-21 N/A 7.5 HIGH
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
CVE-2023-31716 1 Frangoteam 1 Fuxa 2024-11-21 N/A 7.5 HIGH
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
CVE-2021-45851 1 Frangoteam 1 Fuxa 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.