Denial Of Service (DoS)
funadmin/funadmin is vulnerable to a Denial of Service (DoS). The vulnerability is due to a logical flaw in the Curd one-click command deletion function, which can lead to a DoS condition...
SQL Injection
funadmin/funadmin is vulnerable to SQL Injection. The vulnerability is due to improper validation of the parentField parameter in the index method of \backend\controller\auth\Auth.php...
SQL Injection
funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the /curd/table/edit endpoint, which allows untrusted data to be directly used in SQL queries without proper sanitization or escaping...
Arbitrary File Deletion
funadmin/funadmin is vulnerable to Arbitrary File Deletion. The vulnerability is due to a lack of proper access control in the /curd/index/delfile endpoint, which allows unauthorized users to delete files...
Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php stores the passed parameters and values directly into the param parameter without filtering, resulting in Cross-Site Scripting (XSS)...
GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php stores the passed parameters and values directly into the param parameter without filtering, resulting in Cross-Site Scripting (XSS)...
CVE-2024-48228
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php stores the passed parameters and values directly into the param parameter without filtering, resulting in Cross-Site Scripting (XSS)...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the parentField parameter in the index method of backend/controller/auth/Auth.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for...
GHSA-2MV8-JJM5-F3HR SQL injection in funadmin
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...
SQL injection in funadmin
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...
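The parentField advisories above describe an identifier, not a value, reaching the query: a column name taken from the request is spliced into SQL, and prepared-statement placeholders cannot bind identifiers, so escaping does not help. The following is an added illustration of that class and its fix, not funadmin's code; the table, column names and the `childrenUnsafe`/`childrenSafe` functions are constructed for the demo.

```php
<?php
// Added illustration, not code from funadmin. Shows the column-name injection
// class behind the "parentField" advisories: an identifier from the request is
// interpolated into SQL (placeholders cannot bind identifiers), so the fix is
// an allowlist of known columns, not escaping.

// Constructed sample table for the demo; the real schema is not on this page.
function demoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE menu (id INTEGER PRIMARY KEY, pid INTEGER, title TEXT)');
    $pdo->exec("INSERT INTO menu (pid, title) VALUES (0, 'root'), (1, 'child'), (1, 'child2')");
    return $pdo;
}

// Vulnerable pattern: $parentField comes straight from the request.
function childrenUnsafe(PDO $pdo, string $parentField, int $parentId): array {
    $stmt = $pdo->prepare("SELECT id, title FROM menu WHERE {$parentField} = :pid");
    $stmt->execute([':pid' => $parentId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the request value only selects among known column names.
function childrenSafe(PDO $pdo, string $parentField, int $parentId): array {
    $allowed = ['pid' => 'pid', 'parent_id' => 'pid']; // external name => real column
    if (!isset($allowed[$parentField])) {
        throw new InvalidArgumentException("unknown parent field: {$parentField}");
    }
    $stmt = $pdo->prepare("SELECT id, title FROM menu WHERE {$allowed[$parentField]} = :pid");
    $stmt->execute([':pid' => $parentId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demoDb();
// Hostile "field name": the query becomes  WHERE pid = pid OR pid = :pid
$payload = 'pid = pid OR pid';

printf("unsafe, honest input : %d rows\n", count(childrenUnsafe($pdo, 'pid', 0)));
printf("unsafe, payload      : %d rows\n", count(childrenUnsafe($pdo, $payload, 0)));
try {
    childrenSafe($pdo, $payload, 0);
} catch (InvalidArgumentException $e) {
    echo "safe, payload        : rejected ({$e->getMessage()})\n";
}
printf("safe, honest input   : %d rows\n", count(childrenSafe($pdo, 'parent_id', 1)));
```

Run with `php` and the `pdo_sqlite` extension. With the honest field name the unsafe function returns only the child of id 0; with the payload the `WHERE` clause is rewritten and every row comes back, the same primitive an attacker extends into a `UNION` or a subquery against other tables. The hardened version never lets the request string reach the SQL text at all: it is used only as a key into a fixed map, so anything outside the map is rejected before a statement is prepared.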
SQL injection in funadmin
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one-click command-mode plugin...
GHSA-H345-R48X-G68F SQL injection in funadmin
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one-click command-mode plugin...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to improper authorization via the add method in controller\Index.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for funadmin/funadmin...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the app\curd\controller\Table.php file. An attacker can manipulate SQL queries and access or alter database information without proper authorization. Remediation There is no fixed version for funadmin/funadmin...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the getSystemTable and Delete methods in the common.php file. An attacker can disrupt service availability by exploiting this logic flaw to delete critical commands. Details Denial of Service (DoS) describes a...
Logic flaw in Funadmin
Funadmin 5.0.2 has a logical flaw in the Curd one-click command deletion function, which can result in a Denial of Service (DoS)...
SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit...
Arbitrary file deletion in funadmin
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile...
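The two delfile entries above name the same endpoint and describe a lack of access control that lets an unauthorized caller delete files. An arbitrary-file-deletion handler normally needs two independent checks, an authorization gate and confinement of the resolved path to the upload directory. The following is an added example of both, written for this page; it is not funadmin's handler, and the `deleteUpload` function, the temp-directory layout and the `callerMayDelete` flag are constructed for the demo.

```php
<?php
// Added illustration, not funadmin's delfile handler. Shows the two checks an
// arbitrary-file-deletion endpoint needs: an authorization gate, and
// confinement of the resolved target to the upload root.

function deleteUpload(string $uploadRoot, string $requestedPath, bool $callerMayDelete): bool {
    // 1. Authorization first: an unauthenticated or unprivileged caller never
    //    reaches the filesystem. (The flag stands in for the app's real
    //    session/permission check, which is an assumption of this demo.)
    if (!$callerMayDelete) {
        throw new RuntimeException('forbidden');
    }

    // 2. Resolve both paths. realpath() collapses "..", symlinks and repeated
    //    separators, and returns false for anything that does not exist.
    $root   = realpath($uploadRoot);
    $target = realpath($uploadRoot . DIRECTORY_SEPARATOR . $requestedPath);
    if ($root === false || $target === false || !is_file($target)) {
        return false; // nothing to delete, or the target is a directory
    }

    // 3. Containment: the resolved target must start with root + separator,
    //    so a sibling like "/srv/uploads_evil" is not accepted for "/srv/uploads".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('path escapes upload root');
    }

    return unlink($target);
}

// Constructed scenario in a temp directory: one legitimate upload and one
// file outside the upload root that a traversal payload would aim at.
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'delfile_demo_' . getmypid();
$uploads = $base . DIRECTORY_SEPARATOR . 'uploads';
mkdir($uploads, 0700, true);
file_put_contents($uploads . DIRECTORY_SEPARATOR . 'avatar.png', 'x');
file_put_contents($base . DIRECTORY_SEPARATOR . 'config.php', '<?php // secret');

$cases = [
    ['avatar.png',    true],   // legitimate delete by an authorized caller
    ['../config.php', true],   // traversal out of the upload root
    ['avatar.png',    false],  // unauthorized caller
];
foreach ($cases as [$path, $allowed]) {
    try {
        $ok = deleteUpload($uploads, $path, $allowed);
        printf("%-16s allowed=%d -> %s\n", $path, $allowed, $ok ? 'deleted' : 'not found');
    } catch (RuntimeException $e) {
        printf("%-16s allowed=%d -> blocked: %s\n", $path, $allowed, $e->getMessage());
    }
}

// Clean up whatever the demo left behind.
@unlink($base . DIRECTORY_SEPARATOR . 'config.php');
@unlink($uploads . DIRECTORY_SEPARATOR . 'avatar.png');
@rmdir($uploads);
@rmdir($base);
```

The ordering matters: the permission check runs before any path is touched, so an unauthorized request is refused even for a perfectly valid filename, and the containment check runs on the resolved path rather than on the raw string, so `../`, encoded separators and symlinks are all judged after normalisation. Checking `strncmp` against root plus a trailing separator, rather than plain `str_starts_with($target, $root)`, is what closes the sibling-directory case.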
SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist...