Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FUXA has a Path Traversal Sanitization Bypass
Vulnerability Description
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
FUXA 安全漏洞
Vulnerability Description
FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.11之前版本存在安全漏洞,该漏洞源于路径清理逻辑存在缺陷,可能导致经过身份验证的管理员绕过目录遍历防护,进而实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A