It is possible to do SQL Injection into the HTTP POST id parameter passed in the body as json, being able to extract confidential information from the SQLite database
Payload -> "id":"n_7c734712-aabf4eb3' AND 2630=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))) AND 'MIZH'='MIZH"
Name Affected product: FUXA
Version affected: <= 1.1.12
Problem: SQL Injection
Description: It is possible to do SQL Injection into the HTTP POST id parameter passed in the body as json, being able to extract confidential information from the SQLite database