Lucene search

303 matches found

CNNVD
added 2024/10/25 12:00 a.m. · 4 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an arbitrary file read vulnerability in /curd/index/editfile...

CVSS 7.5 · AI score 6.6 · EPSS 0.00644
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/25 12:00 a.m. · 3 views

PT-2024-33041 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2. Description: The issue is related to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. There is no information provided about the estimated number of potentially affected...

CVSS 9.8 · AI score 8.2 · EPSS 0.00472
Exploits: 1 · References: 8
Positive Technologies
added 2024/10/25 12:00 a.m. · 2 views

PT-2024-33039 · Unknown +1 · Curd One Click Command Mode Plugin +1

Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2. Description: The issue is related to a SQL injection vulnerability in the Curd one click command mode plugin. No information is provided about the estimated number of potentially affected devices worldwide or real-world...

CVSS 9.8 · AI score 8 · EPSS 0.00434
Exploits: 0 · References: 8
Positive Technologies
added 2024/10/25 12:00 a.m. · 7 views

PT-2024-33034 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 5.0.2. Description: The issue is related to an arbitrary file read vulnerability. It affects the /curd/index/editfile endpoint. There is no information provided about the estimated number of potentially affected devices...

CVSS 8.7 · AI score 6.8 · EPSS 0.00644
Exploits: 1 · References: 7
CNNVD
added 2024/10/25 12:00 a.m. · 3 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which stems from the selectfiles method in \backend\controller\sys\Attachh.php directly depositing incoming paramete...

CVSS 6.1 · AI score 5.8 · EPSS 0.00268
Exploits: 1 · References: 1
Cvelist
added 2024/10/25 12:00 a.m. · 15 views

CVE-2024-48223

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist...

EPSS 0.00542
Exploits: 1 · References: 1
CNNVD
added 2024/10/25 12:00 a.m. · 3 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the parentField parameter of the index...

CVSS 9.8 · AI score 7.7 · EPSS 0.00472
Exploits: 1 · References: 1
CNNVD
added 2024/10/25 12:00 a.m. · 1 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the Curd one-click command mode plugin...

CVSS 9.8 · AI score 7.8 · EPSS 0.00434
Exploits: 0 · References: 1
CNNVD
added 2024/10/25 12:00 a.m. · 0 views

Funadmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in Funadmin version 5.0.2, which originates from an arbitrary file deletion vulnerability in /curd/index/delfile...

CVSS 9.1 · AI score 6.7 · EPSS 0.00537
Exploits: 1 · References: 1
CNNVD
added 2024/10/25 12:00 a.m. · 2 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in /curd/table/list...

CVSS 9.8 · AI score 7.8 · EPSS 0.00542
Exploits: 1 · References: 1
Vulnrichment
added 2024/10/25 12:00 a.m. · 14 views

CVE-2024-48229

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin...

AI score 8 · EPSS 0.00434
Exploits: 0 · References: 1
CNNVD
added 2024/10/25 12:00 a.m. · 4 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in curd/table/savefield...

CVSS 9.8 · AI score 7.7 · EPSS 0.00542
Exploits: 1 · References: 1
Cvelist
added 2024/10/25 12:00 a.m. · 13 views

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

EPSS 0.00472
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/25 12:00 a.m. · 3 views

PT-2024-33033 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 5.0.2. Description: The issue is a SQL injection vulnerability located in the /curd/table/fieldlist API endpoint. This allows for potential exploitation by injecting malicious SQL code. No information is provided about the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00542
Exploits: 1 · References: 8
Vulnrichment
added 2024/10/25 12:00 a.m. · 12 views

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

AI score 8 · EPSS 0.00472
Exploits: 1 · References: 1
CVE
added 2024/10/25 12:00 a.m. · 53 views

CVE-2024-48228

CVE-2024-48228 affects funadmin 5.0.2, where the selectfiles method in \backend\controller\sys\Attachh.php directly stores unfiltered parameters/values into the param parameter, causing Cross-Site Scripting (XSS). Multiple connected sources (Red Hat CVE page, GHSA advisory, Veracode, OSV, NVD) co...

CVSS 6.1 · AI score 6.3 · EPSS 0.00268
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2024/10/25 12:00 a.m. · 4 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in /curd/table/fieldlist...

CVSS 9.8 · AI score 7.7 · EPSS 0.00542
Exploits: 1 · References: 1
CVE
added 2024/10/25 12:00 a.m. · 57 views

CVE-2024-48227

CVE-2024-48227 concerns Funadmin 5.0.2, where a logical flaw in the Curd one-click command deletion function can cause a Denial of Service (DoS). The available documents identify the affected software and the faulty delete logic as the root cause, and they consistently describe impact as DoS. No ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00531
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2024/10/25 12:00 a.m. · 49 views

CVE-2024-48229

Funadmin 5.0.2 is affected by a SQL injection in the Curd one-click command mode plugin. The vulnerability arises from improper input validation, allowing user-supplied data to be directly included in SQL queries without sanitization. This affects the Curd one-click command mode plugin and can im...

CVSS 9.8 · AI score 8.3 · EPSS 0.00434
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/25 12:00 a.m. · 5 views

PT-2024-33038 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2. Description: An issue was found in the selectfiles method in \backend\controller\sys\Attachh.php, where it directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site...

CVSS 6.1 · AI score 5.4 · EPSS 0.00268
Exploits: 1 · References: 8