FUXA vulnerable to Local File Inclusion
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
Advisories for Npm/@Frangoteam/Fuxa package
2023
Improper Neutralization of Special Elements used in a Command ('Command Injection')
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
2022
Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.