FUXA SQL Injection vulnerability (GHSA-p46g-8c3q-89p2)

Description

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.12

References

• GHSA-p46g-8c3q-89p2
• youtu.be
• CVE-2023-31719
• CWE-89
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• FUXA SQL Injection vulnerability - CVE-2023-31717
• FUXA local file inclusion vulnerability - CVE-2023-31718
• systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
• @langchain/community SQL Injection vulnerability - CVE-2024-7042

You might also like:

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Exploiting Server Version Disclosure

Tags:

npm

fuxa-server