6 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the getMember function. An attacker can obtain sensitive information by sending crafted requests to the affected endpoint. Remediation There is no fixed version for funadmin/funadmin. References - GitHub Issue -...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the parentField parameter in the index method of backend/controller/auth/Auth.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the edit method in controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for funadmin/funadmin. References - GitHub Issue...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the app\curd\controller\Table.php file. An attacker can manipulate SQL queries and access or alter database information without proper authorization. Remediation There is no fixed version for funadmin/funadmin...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to improper authorization through the fieldlist method in controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database without. Remediation There is no fixed version for...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the selectFields parameter in the index function in Auth.php. Remediation There is no fixed version for funadmin/funadmin. References - GitHub Issue - Vulnerable Code...