Skip to main content

Fuxa CVE-2023-31719

CRITICAL
SQL Injection (CWE-89)
2023-09-22 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 22, 2023 - 00:15 nvd
CRITICAL 9.8

DescriptionNVD

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

AnalysisAI

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. Affected products include: Frangoteam Fuxa.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

More in Fuxa

View all
CVE-2025-69971 CRITICAL POC
9.8 Feb 03

FUXA v1.2.7 has hard-coded JWT credentials (EPSS 4.8%) that allow attackers to forge authentication tokens and bypass al

CVE-2025-69985 CRITICAL POC
9.8 Feb 24

Authentication bypass in FUXA SCADA/HMI system 1.2.8 and prior leading to Remote Code Execution. Unauthenticated attacke

CVE-2023-33831 CRITICAL POC
9.8 Sep 18

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute

CVE-2023-31718 HIGH POC
7.5 Sep 22

FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2023-31717 HIGH POC
7.5 Sep 22

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. Rated high s

CVE-2025-69983 CRITICAL
9.8 Feb 03

FUXA v1.2.7 allows remote code execution through the project import functionality by importing crafted project files con

CVE-2026-25893 CRITICAL
9.8 Feb 09

FUXA SCADA has yet another authorization bypass — now the seventh critical FUXA vulnerability discovered, enabling unaut

CVE-2026-25938 CRITICAL
9.8 Feb 09

FUXA SCADA has an authentication spoofing vulnerability from versions 1.2.8 through 1.2.10 — tenth critical vulnerabilit

CVE-2026-25894 CRITICAL
9.8 Feb 09

FUXA SCADA has insecure default configuration with a known JWT secret — eighth critical vulnerability.

CVE-2025-69981 CRITICAL
9.8 Feb 03

FUXA v1.2.7 has an unrestricted file upload in the /api/upload endpoint that lacks authentication and file type validati

CVE-2026-25895 CRITICAL POC
9.8 Feb 09

FUXA SCADA has a path traversal vulnerability — ninth critical vulnerability enabling arbitrary file access on SCADA ser

CVE-2025-69970 CRITICAL
9.3 Feb 03

FUXA v1.2.7 SCADA/HMI system has insecure default configuration with security disabled by default, exposing industrial c

Share

CVE-2023-31719 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy