A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
- Severity:
- High
Description
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.1.13
References
Related Issues
- JSONPath Plus Remote Code Execution (RCE) Vulnerability - CVE-2024-21534
- FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API - CVE-2026-25895
- FUXA allows Remote Code Execution (RCE) via the project import functionality. - CVE-2025-69983
- @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
- Tags:
- npm
- @frangoteam/fuxa
Anything's wrong? Let us know Last updated on November 11, 2023