@frangoteam/fuxa@1.0.11 vulnerabilities

Web-based Process Visualization (SCADA/HMI/Dashboard) software

latest version

1.1.18
first published

3 years ago
latest version published

2 months ago
licenses detected
- MIT
  >=0
View @frangoteam/fuxa package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @frangoteam/fuxa package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Directory Traversal @frangoteam/fuxa is a Web-based Process Visualization (SCADA/HMI/Dashboard) software Affected versions of this package are vulnerable to Directory Traversal via the `/api/download` endpoint. An attacker can execute arbitrary code on the local system by manipulating the file inclusion mechanism. How to fix Directory Traversal? Upgrade `@frangoteam/fuxa` to version 1.1.14 or higher.	<1.1.14
H SQL Injection @frangoteam/fuxa is a Web-based Process Visualization (SCADA/HMI/Dashboard) software Affected versions of this package are vulnerable to SQL Injection via the `HTTP POST id` parameter passed in the body as JSON, due to improper user-input sanitization. An attacker can extract confidential information from the SQLite database by exploiting this vulnerability. How to fix SQL Injection? There is no fixed version for `@frangoteam/fuxa`.	*
H Directory Traversal @frangoteam/fuxa is a Web-based Process Visualization (SCADA/HMI/Dashboard) software Affected versions of this package are vulnerable to Directory Traversal via the `fuxa.log` file due to improper file sanitization. An attacker can read arbitrary files on the server by manipulating the file parameter to reference the desired file. How to fix Directory Traversal? There is no fixed version for `@frangoteam/fuxa`.	*
H SQL Injection @frangoteam/fuxa is a Web-based Process Visualization (SCADA/HMI/Dashboard) software Affected versions of this package are vulnerable to SQL Injection via the `/api/signin` endpoint due to improper user-input sanitization. An attacker can manipulate the SQL query to gain unauthorized access or retrieve sensitive data by injecting malicious SQL code. How to fix SQL Injection? There is no fixed version for `@frangoteam/fuxa`.	*
C Remote Code Execution (RCE) @frangoteam/fuxa is a Web-based Process Visualization (SCADA/HMI/Dashboard) software Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the `/api/runscript` endpoint. An attacker can execute arbitrary commands by sending a crafted POST request. How to fix Remote Code Execution (RCE)? There is no fixed version for `@frangoteam/fuxa`.	>=0.0.0
H Server-side Request Forgery (SSRF) @frangoteam/fuxa is a Web-based Process Visualization (SCADA/HMI/Dashboard) software Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to obtain sensitive information from the server's internal environment and services. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `@frangoteam/fuxa`.	*

Go back to all versions of this package

@frangoteam/fuxa@1.0.11 vulnerabilities

Web-based Process Visualization (SCADA/HMI/Dashboard) software

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities