Описание
FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.
Пакеты
Наименование
fuxa-server
npm
Затронутые версииВерсия исправления
<= 1.2.7
Отсутствует
Связанные уязвимости
nvd
5 дней назад
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.