logo

Database

Server side template injection In @frangoteam/fuxa

Description

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-338312. NVD-2023-338313. OSV-2023-338314. GCVE-2023-33831

References

1. https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-338312. https://youtu.be/Xxa6yRB2Fpw3. https://vulncheck.com/cve/CVE-2023-338314. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-33831.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.