FUXA SQL Injection vulnerability - fuxa-server

Description

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.12

References

• GHSA-p46g-8c3q-89p2
• youtu.be
• CVE-2023-31719
• CWE-89
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• FUXA SQL Injection vulnerability - CVE-2023-31717
• FUXA local file inclusion vulnerability - CVE-2023-31718
• ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability - CVE-2024-39309
• Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL - CVE-2026-31871

You might also like:

Exploiting Server Version Disclosure

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Tags:

npm

fuxa-server