Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

303 matches found

Veracode
Veracodeadded 2024/11/07 7:55 a.m.10 views

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input validation in the Curd one-click command mode plugin, allowing user-supplied data to be directly included in SQL queries without sanitization. Attackers can exploit this to execute arbitrary SQL commands...

9.8CVSS8.1AI score0.00434EPSS
Exploits0References2Affected Software1
Veracode
Veracodeadded 2024/11/07 6:53 a.m.5 views

Denial Of Service (DoS)

funadmin/funadmin is vulnerable to a Denial of Service DOS. The vulnerability is due to a logical flaw in the Curd one-click command deletion function, which can lead to a DOS condition...

7.5CVSS6.7AI score0.00531EPSS
Exploits1References2Affected Software1
Veracode
Veracodeadded 2024/11/06 11:52 a.m.15 views

SQL Injection

funadmin/funadmin is vulnerable to SQL Injection. The vulnerability is due to improper validation of the parentField parameter in the index method of \backend\controller\auth\Auth.php...

9.8CVSS7.2AI score0.00472EPSS
Exploits1References2Affected Software1
Veracode
Veracodeadded 2024/11/06 11:45 a.m.14 views

SQL Injection

funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the /curd/table/edit endpoint, which allows untrusted data to be directly used in SQL queries without proper sanitization or escaping...

9.8CVSS7.5AI score0.00561EPSS
Exploits1References2Affected Software1
Veracode
Veracodeadded 2024/11/06 11:5 a.m.11 views

Arbitrary File Deletion

funadmin/funadmin is vulnerable to Arbitrary File Deletion. The vulnerability is due to a lack of proper access control in the /curd/index/delfile endpoint, which allows unauthorized users to delete files...

9.1CVSS6.5AI score0.00537EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2024/10/26 12:32 a.m.7 views

GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS6.1AI score0.00268EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 2024/10/26 12:32 a.m.14 views

Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS6.5AI score0.00268EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2024/10/25 10:15 p.m.13 views

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS0.00268EPSS
Exploits1References1
OSV
OSVadded 2024/10/25 10:15 p.m.2 views

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS6.7AI score
Exploits0References1
OSV
OSVadded 2024/10/25 9:31 p.m.11 views

GHSA-H345-R48X-G68F SQL injection in funadmin

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin...

9.8CVSS7.3AI score0.00434EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2024/10/25 9:31 p.m.22 views

SQL injection in funadmin

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin...

9.8CVSS8AI score0.00434EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blogadded 2024/10/25 9:31 p.m.18 views

SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

9.8CVSS7.6AI score0.00472EPSS
Exploits1References3Affected Software1
Snyk
Snykadded 2024/10/25 9:31 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper authorization via the add method in controller\Index.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for funadmin/funadmin...

9.8CVSS7.9AI score0.00434EPSS
Exploits0References2
Snyk
Snykadded 2024/10/25 9:31 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the parentField parameter in the index method of backend/controller/auth/Auth.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for...

9.8CVSS8AI score0.00472EPSS
Exploits1References2
OSV
OSVadded 2024/10/25 9:31 p.m.12 views

GHSA-2MV8-JJM5-F3HR SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

9.8CVSS7.3AI score0.00472EPSS
Exploits1References3
Snyk
Snykadded 2024/10/25 9:31 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper authorization through the fieldlist method in controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database without. Remediation There is no fixed version for...

9.8CVSS7.9AI score0.00542EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2024/10/25 9:31 p.m.15 views

SQL injection in funadmin

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist...

9.8CVSS7.5AI score0.00542EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blogadded 2024/10/25 9:31 p.m.19 views

SQL injection in funadmin

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...

7.5CVSS5.5AI score0.00644EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blogadded 2024/10/25 9:31 p.m.17 views

SQL injection in funadmin

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield...

9.8CVSS7.5AI score0.00542EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blogadded 2024/10/25 9:31 p.m.20 views

SQL injection in funadmin

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile...

9.1CVSS6.8AI score0.00537EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder