Fuxa · Fuxa · CVE-2026-25951
**Name of the Vulnerable Software and Affected Versions**
FUXA versions prior to 1.2.11
**Description**
FUXA is web-based process visualization software. A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. Using nested traversal sequences (e.g., `....//`), the attacker can write arbitrary files to the server filesystem, including sensitive directories such as `runtime/scripts`. This can lead to remote code execution (RCE) when the server reloads the malicious scripts. The vulnerability stems from insufficient input validation when handling file paths.
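The nested-sequence bypass described above, shown as an added example that is not FUXA's own code: a hypothetical single-pass filter (`stripTraversalOnce`) turns `....//` back into `../`, while a containment check on the resolved path (`resolveInside`) rejects the result. The base directory `/srv/app/_uploads`, the helper names and the file names are constructed assumptions.

```javascript
// POSIX path rules so the constructed paths behave the same on any host.
const path = require('path').posix;

const BASE = '/srv/app/_uploads'; // constructed base directory (assumption)

// Hypothetical single-pass filter; illustrates the flaw class, not FUXA's code.
// Removing "../" once lets the characters around the match rejoin into "../".
function stripTraversalOnce(name) {
  return name.replace(/\.\.\//g, '');
}

// Containment check: resolve first, then require the result to stay under baseDir.
function resolveInside(baseDir, name) {
  const base = path.resolve(baseDir);
  const target = path.resolve(base, name);
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('../') || path.isAbsolute(rel)) {
    throw new Error(`rejected: ${name} resolves outside ${base}`);
  }
  return target;
}

// Convenience wrapper returning a boolean instead of throwing.
function isAccepted(baseDir, name) {
  try {
    resolveInside(baseDir, name);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample input using the nested sequence from the description.
const nested = '....//runtime/scripts/demo.js';
const filtered = stripTraversalOnce(nested);   // filter output still traverses
const naiveTarget = path.join(BASE, filtered); // where a filter-then-join write lands

console.log({
  filtered,
  naiveTarget,
  containmentAcceptsFiltered: isAccepted(BASE, filtered),
  containmentAcceptsNormal: isAccepted(BASE, 'reports/demo.js'),
});
```

The containment check validates the resolved destination rather than the input string, so it does not depend on how many times a traversal pattern is nested.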
**Recommendations**
Update to version 1.2.11 or later.