FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

N/A

对路径名的限制不恰当(路径遍历)

FUXA 访问控制错误漏洞

FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.9及之前版本存在访问控制错误漏洞，该漏洞源于存在路径遍历，可能导致未经验证的远程攻击者向服务器文件系统任意位置写入任意文件。

N/A

N/A