18 vulnerabilities found for fuxa by frangoteam
FKIE_CVE-2023-31718
Vulnerability from fkie_nvd - Published: 2023-09-22 00:15 - Updated: 2024-11-21 08:02
Severity ?
Summary
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/MateusTesser/CVE-2023-31718 | Third Party Advisory | |
| cve@mitre.org | https://github.com/frangoteam/FUXA | Product | |
| cve@mitre.org | https://youtu.be/VCQkEGntN04 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MateusTesser/CVE-2023-31718 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/frangoteam/FUXA | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/VCQkEGntN04 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | fuxa | * (up to and including 1.1.12) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF",
"versionEndIncluding": "1.1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 is vulnerable to Local via Inclusion via /api/download."
},
{
"lang": "es",
"value": "FUXA \u0026lt;= 1.1.12 es vulnerable a Local mediante Inclusi\u00f3n v\u00eda /api/download."
}
],
"id": "CVE-2023-31718",
"lastModified": "2024-11-21T08:02:12.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T00:15:11.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31718"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/VCQkEGntN04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/VCQkEGntN04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-31717
Vulnerability from fkie_nvd - Published: 2023-09-22 00:15 - Updated: 2024-11-21 08:02
Severity ?
Summary
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/MateusTesser/CVE-2023-31717 | Third Party Advisory | |
| cve@mitre.org | https://github.com/frangoteam/FUXA | Product | |
| cve@mitre.org | https://youtu.be/IBMXTEI_5wY | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MateusTesser/CVE-2023-31717 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/frangoteam/FUXA | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/IBMXTEI_5wY | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | fuxa | * (up to and including 1.1.12) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF",
"versionEndIncluding": "1.1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection attack in FUXA \u003c= 1.1.12 allows exfiltration of confidential information from the database."
},
{
"lang": "es",
"value": "Un ataque de inyecci\u00f3n SQL en FUXA \u0026lt;= 1.1.12 permite la filtraci\u00f3n de informaci\u00f3n confidencial de la base de datos."
}
],
"id": "CVE-2023-31717",
"lastModified": "2024-11-21T08:02:11.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T00:15:11.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31717"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/IBMXTEI_5wY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/IBMXTEI_5wY"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31719
Vulnerability from fkie_nvd - Published: 2023-09-22 00:15 - Updated: 2024-11-21 08:02
Severity ?
Summary
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/MateusTesser/CVE-2023-31719 | Third Party Advisory | |
| cve@mitre.org | https://github.com/frangoteam/FUXA | Product | |
| cve@mitre.org | https://youtu.be/cjb2KYpV6dY | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MateusTesser/CVE-2023-31719 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/frangoteam/FUXA | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/cjb2KYpV6dY | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | fuxa | * (up to and including 1.1.12) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF",
"versionEndIncluding": "1.1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 is vulnerable to SQL Injection via /api/signin."
},
{
"lang": "es",
"value": "FUXA \u0026lt;= 1.1.12 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /api/signin."
}
],
"id": "CVE-2023-31719",
"lastModified": "2024-11-21T08:02:12.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T00:15:11.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31719"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/cjb2KYpV6dY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/cjb2KYpV6dY"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31716
Vulnerability from fkie_nvd - Published: 2023-09-22 00:15 - Updated: 2024-11-21 08:02
Severity ?
Summary
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/MateusTesser/CVE-2023-31716 | Third Party Advisory | |
| cve@mitre.org | https://github.com/frangoteam/FUXA | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MateusTesser/CVE-2023-31716 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/frangoteam/FUXA | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | fuxa | * (up to and including 1.1.12) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF",
"versionEndIncluding": "1.1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log"
},
{
"lang": "es",
"value": "FUXA \u0026lt;= 1.1.12 tiene una vulnerabilidad de inclusi\u00f3n de Archivos Locales a trav\u00e9s de file=fuxa.log"
}
],
"id": "CVE-2023-31716",
"lastModified": "2024-11-21T08:02:11.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T00:15:09.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31716"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MateusTesser/CVE-2023-31716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/frangoteam/FUXA"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-33831
Vulnerability from fkie_nvd - Published: 2023-09-18 20:15 - Updated: 2024-11-21 08:06
Severity ?
Summary
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://youtu.be/Xxa6yRB2Fpw | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/Xxa6yRB2Fpw | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | fuxa | 1.1.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frangoteam:fuxa:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD9039-4BAC-4A1A-B9C5-AAB831CA19D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) en el endpoint /api/runscript de FUXA 1.1.13 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada."
}
],
"id": "CVE-2023-33831",
"lastModified": "2024-11-21T08:06:02.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-18T20:15:09.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://youtu.be/Xxa6yRB2Fpw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://youtu.be/Xxa6yRB2Fpw"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45851
Vulnerability from fkie_nvd - Published: 2022-03-16 10:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.youtube.com/watch?v=JE1Kcq3iJpc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=JE1Kcq3iJpc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | fuxa | 1.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frangoteam:fuxa:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "65E7D7E4-F1C5-40E9-B39F-5AF8BF8B626B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server\u0027s internal environment and services, often potentially leading to the attacker executing commands on the server."
},
{
"lang": "es",
"value": "Puede llevarse a cabo un ataque de tipo Server-Side Request Forgery (SSRF) en FUXA versi\u00f3n 1.1.3, conllevando a la obtenci\u00f3n de informaci\u00f3n confidencial del entorno y los servicios internos del servidor, y que a menudo puede conllevar a que el atacante ejecute comandos en el servidor"
}
],
"id": "CVE-2021-45851",
"lastModified": "2024-11-21T06:33:09.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-16T10:15:08.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-31719 (GCVE-0-2023-31719)
Vulnerability from cvelistv5 – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:21
VLAI?
Summary
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/cjb2KYpV6dY"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31719"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31719",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:21:14.110911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:21:23.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 is vulnerable to SQL Injection via /api/signin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:06:40.260383",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://youtu.be/cjb2KYpV6dY"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31719"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31719",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:21:23.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31716 (GCVE-0-2023-31716)
Vulnerability from cvelistv5 – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:40
VLAI?
Summary
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31716"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:40:06.703528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:40:53.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:02:50.768228",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31716"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31716",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:40:53.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31718 (GCVE-0-2023-31718)
Vulnerability from cvelistv5 – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:24
VLAI?
Summary
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/VCQkEGntN04"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31718"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31718",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:23:52.943105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:24:33.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 is vulnerable to Local via Inclusion via /api/download."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:05:22.915178",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://youtu.be/VCQkEGntN04"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31718"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31718",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:24:33.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31717 (GCVE-0-2023-31717)
Vulnerability from cvelistv5 – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:39
VLAI?
Summary
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/IBMXTEI_5wY"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31717"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31717",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:39:11.048719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:39:18.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection attack in FUXA \u003c= 1.1.12 allows exfiltration of confidential information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:04:13.257655",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://youtu.be/IBMXTEI_5wY"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31717"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31717",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:39:18.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33831 (GCVE-0-2023-33831)
Vulnerability from cvelistv5 – Published: 2023-09-18 00:00 – Updated: 2024-09-25 18:46
VLAI?
Summary
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:12.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/Xxa6yRB2Fpw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:45:53.576503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:46:00.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T19:28:59.834757",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://youtu.be/Xxa6yRB2Fpw"
},
{
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33831",
"datePublished": "2023-09-18T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2024-09-25T18:46:00.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45851 (GCVE-0-2021-45851)
Vulnerability from cvelistv5 – Published: 2022-03-16 09:51 – Updated: 2024-08-04 04:54
VLAI?
Summary
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:30.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server\u0027s internal environment and services, often potentially leading to the attacker executing commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:51:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server\u0027s internal environment and services, often potentially leading to the attacker executing commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=JE1Kcq3iJpc",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45851",
"datePublished": "2022-03-16T09:51:25",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:30.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31719 (GCVE-0-2023-31719)
Vulnerability from nvd – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:21
Summary
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/cjb2KYpV6dY"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31719"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31719",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:21:14.110911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:21:23.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 is vulnerable to SQL Injection via /api/signin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:06:40.260383",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://youtu.be/cjb2KYpV6dY"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31719"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31719",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:21:23.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31716 (GCVE-0-2023-31716)
Vulnerability from nvd – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:40
Summary
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
Severity ?
No CVSS data available.
CWE
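- n/a in the CNA container; the CISA ADP container in the record below assigns CWE-98, a PHP-oriented file-inclusion entry, so check that it fits this product before relying on it for triage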
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31716"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:40:06.703528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:40:53.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:02:50.768228",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31716"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31716",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:40:53.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31718 (GCVE-0-2023-31718)
Vulnerability from nvd – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:24
Summary
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.
Severity ?
No CVSS data available.
CWE
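- n/a in the CNA container; the CISA ADP container in the record below assigns CWE-98, a PHP-oriented file-inclusion entry, so check that it fits this product before relying on it for triage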
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/VCQkEGntN04"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31718"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31718",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:23:52.943105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:24:33.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA \u003c= 1.1.12 is vulnerable to Local via Inclusion via /api/download."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:05:22.915178",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://youtu.be/VCQkEGntN04"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31718"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31718",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:24:33.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31717 (GCVE-0-2023-31717)
Vulnerability from nvd – Published: 2023-09-21 00:00 – Updated: 2024-09-24 18:39
Summary
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/frangoteam/FUXA"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/IBMXTEI_5wY"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MateusTesser/CVE-2023-31717"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31717",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:39:11.048719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:39:18.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection attack in FUXA \u003c= 1.1.12 allows exfiltration of confidential information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T23:04:13.257655",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/frangoteam/FUXA"
},
{
"url": "https://youtu.be/IBMXTEI_5wY"
},
{
"url": "https://github.com/MateusTesser/CVE-2023-31717"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31717",
"datePublished": "2023-09-21T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-09-24T18:39:18.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33831 (GCVE-0-2023-33831)
Vulnerability from nvd – Published: 2023-09-18 00:00 – Updated: 2024-09-25 18:46
Summary
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:12.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/Xxa6yRB2Fpw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:45:53.576503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:46:00.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T19:28:59.834757",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://youtu.be/Xxa6yRB2Fpw"
},
{
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33831",
"datePublished": "2023-09-18T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2024-09-25T18:46:00.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45851 (GCVE-0-2021-45851)
Vulnerability from nvd – Published: 2022-03-16 09:51 – Updated: 2024-08-04 04:54
Summary
A Server-Side Request Forgery (SSRF) vulnerability in FUXA 1.1.3 allows an attacker to obtain sensitive information from the server's internal environment and services, potentially leading to the attacker executing commands on the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://www.youtube.com/watch?v=JE1Kcq3iJpc | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:30.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server\u0027s internal environment and services, often potentially leading to the attacker executing commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:51:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server\u0027s internal environment and services, often potentially leading to the attacker executing commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=JE1Kcq3iJpc",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=JE1Kcq3iJpc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45851",
"datePublished": "2022-03-16T09:51:25",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:30.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}