Remote command execution in fuxa-server
Description
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version |
|---|---|---|
| npm | | |