CNNVD-202602-339 Information
Feb 03, 2026
cve
CNNVD ID
CNNVD-202602-339
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.7版本存在安全漏洞,该漏洞源于/api/upload API端点缺乏身份验证机制,可能导致未经身份验证的远程攻击者上传任意文件,从而覆盖关键系统文件或上传恶意脚本以执行任意代码。
Description (English)
FUXA is a web-based process visualization software that is an open source for francoteam. FUXA version 1.2.7 contains a security loophole stemming from the lack of an identification mechanism at the /api/upload API endpoint, which may result in unauthorized remote assailants uploading random documents, thus covering key system documents or uploading malicious scripts to enforce arbitrary codes.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
frangoteam
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js#L193
Patch
https://github.com/frangoteam/FUXA/releases
Share on: