FUXA SQL Injection vulnerability

Description

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.12

References

• GHSA-v9q5-9crp-92f9
• youtu.be
• CVE-2023-31717
• CWE-89
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• FUXA SQL Injection vulnerability - fuxa-server - CVE-2023-31719
• FUXA local file inclusion vulnerability - CVE-2023-31718
• nuxt Code Injection vulnerability - CVE-2023-3224
• @langchain/community SQL Injection vulnerability - CVE-2024-7042

You might also like:

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Exploiting Server Version Disclosure

Tags:

npm

fuxa-server