Funadmin Security Vulnerabilities
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2024-10-25

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS).
CVSS Score: 4.9; EPSS Score: 0.003; Published: 2024-10-25

Funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25

Funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
CVSS Score: 4.9; EPSS Score: 0.002; Published: 2024-10-25

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2024-10-25

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25

