303 matches found
SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list...
Logic flaw in Funadmin
Funadmin 5.0.2 has a logic flaw in the Curd one-click command deletion function, which can result in a Denial of Service (DoS)...
SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the edit method in the controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation: There is no fixed version for funadmin/funadmin. References: GitHub Issue...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection through the app\curd\controller\Table.php file. An attacker can manipulate SQL queries and access or alter database information without proper authorization. Remediation: There is no fixed version for funadmin/funadmin...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the getSystemTable and Delete methods in the common.php file. An attacker can disrupt service availability by exploiting this logic flaw to delete critical commands. Details: Denial of Service (DoS) describes a...
GHSA-R9V5-Q97M-RJ5G Logic flaw in Funadmin
Funadmin 5.0.2 has a logic flaw in the Curd one-click command deletion function, which can result in a Denial of Service (DoS)...
GHSA-9GW3-QR2F-3VG5 SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization via the editfile method in the \controller\Index.php file. An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Remediation: There is no...
GHSA-6J8F-88MH-R9VQ SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
GHSA-VW6X-C5RG-JMJP SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile...
GHSA-H4PX-9VMP-P7PV SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list...
GHSA-X2FR-VJ74-5H35 SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist...
GHSA-5G66-93QV-565J SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit...
CVE-2024-48230
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...
CVE-2024-48229
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one-click command mode plugin...
CVE-2024-48227
Funadmin 5.0.2 has a logic flaw in the Curd one-click command deletion function, which can result in a Denial of Service (DoS)...
CVE-2024-48222
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit...