CVE-2023-31718

Name of the Vulnerable Software and Affected Versions FUXA versions 1.1.12 and earlier

Description The issue allows for Local File Inclusion via the "/api/download" API endpoint. This could potentially be exploited to access sensitive files on the system.

Recommendations For versions 1.1.12 and earlier, as a temporary workaround, consider restricting access to the "/api/download" API endpoint until a patch is available. Avoid using the /api/download endpoint in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.