CVE-2023-31719

CRITICAL

FUXA <= 1.1.12 - SQL Injection via /api/signin


Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-31719. PoCs published by AikidoSec, MateusTesser.

Description

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

Exploits (2)

github · WORKING POC · 6 stars
by AikidoSec · javascript · poc
https://github.com/AikidoSec/zen-0-days/tree/main/node/CVE-2023-31719

This repository contains functional exploit PoCs for multiple CVEs, including CVE-2023-31719, demonstrating JavaScript injection and path traversal vulnerabilities. The PoCs include both vulnerable and protected test cases, showcasing the effectiveness of the Aikido Zen Firewall in blocking these attacks.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Node.js applications using @enspirit/elo and st modules
No auth needed
Prerequisites: Node.js environment · Docker for containerized testing
devstral-2 · analyzed Feb 27, 2026
nomisec WORKING POC
by MateusTesser · poc
https://github.com/MateusTesser/CVE-2023-31719

This repository contains a proof-of-concept for CVE-2023-31719, demonstrating a SQL injection vulnerability in the FUXA software. The exploit targets the '/api/signin' endpoint via a crafted HTTP POST request with a malicious 'username' parameter.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: FUXA <= 1.1.12
No auth needed
Prerequisites: Network access to the target system · FUXA software version <= 1.1.12
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory
https://youtu.be/cjb2KYpV6dY

Scores

CVSS v3: 9.8
EPSS: 0.2744
EPSS Percentile: 97.8%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (2):
frangoteam/fuxa < 1.1.12
npm/fuxa-server 0npm
Published: Sep 22, 2023
Tracked Since: Feb 18, 2026