GHSA-c5gq-4h56-4mmx: FUXA Unauthenticated Exposure of Plaintext Database Credentials

February 5, 2026

An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

References

github.com/advisories/GHSA-c5gq-4h56-4mmx
github.com/frangoteam/FUXA
github.com/frangoteam/FUXA/commit/c6c4cba1a62545e8e3ae0f43b2269e61209fbee8
github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx

Code Behaviors & Features

Detect and mitigate GHSA-c5gq-4h56-4mmx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →