The vulnerability manifests through the 'file=fuxa.log' parameter, indicating improper input validation in file retrieval functionality. While exact code isn't available, Node.js LFI patterns suggest:

1. A route handler accepts a user-controlled 'file' parameter.
2. Uses it directly in fs.readFile/path.join without:
   - Restricting to a safe directory
   - Sanitizing path traversal sequences
3. The CWE-98 mapping (despite PHP reference) implies similar insecure file inclusion logic.

The high confidence comes from the vulnerability's reproducibility (public PoC references) and standard LFI patterns in web applications handling file parameters.
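The pattern described above next to a contained version, as an added example (not FUXA's code, which the analysis notes is unavailable). `LOG_DIR`, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// POSIX flavour so the constructed paths behave the same on any host.
const path = require('node:path').posix;

// Assumed log directory (constructed, not taken from the project).
const LOG_DIR = '/srv/app/_logs';

// The described pattern: the request's `file` value goes straight into
// path.join, which normalises "../" segments instead of rejecting them.
function naiveLogPath(file) {
  return path.join(LOG_DIR, file);
}

// Hardened: resolve first, then require the result to stay inside LOG_DIR.
function safeLogPath(file) {
  if (typeof file !== 'string' || file.length === 0 || file.includes('\0')) {
    throw new Error('invalid file parameter');
  }
  const resolved = path.resolve(LOG_DIR, file);
  const rel = path.relative(LOG_DIR, resolved);
  // '' is the directory itself; '..' or '../x' is anything outside it.
  if (rel === '' || rel === '..' || rel.startsWith('../')) {
    throw new Error('path escapes log directory');
  }
  return resolved;
}

// Run both resolvers over a list of `file` values; `safe` is null when rejected.
function audit(files) {
  return files.map((file) => {
    let safe = null;
    try {
      safe = safeLogPath(file);
    } catch (err) {
      // rejected by the containment check
    }
    return { file, naive: naiveLogPath(file), safe };
  });
}

// Constructed sample inputs; 'fuxa.log' is the value named in the analysis.
const SAMPLES = ['fuxa.log', 'sub/../fuxa.log', '../settings.json', '/etc/hostname', '.'];

for (const row of audit(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The containment check is lexical; where symlinks can exist inside the log directory, compare the `fs.realpathSync` results of both paths as well.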
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @frangoteam/fuxa | npm | <= 1.1.12 | |