302 matches found
CVE-2024-48223
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-48218
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list...
CVE-2024-48226
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield...
CVE-2024-48225
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile...
CVE-2024-48222
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit...
CVE-2024-48230
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...
FunAdmin Security Vulnerability
FunAdmin is an open-source, lightweight and attractive backend development system built on ThinkPHP6 and Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in curd/table/savefield...
PT-2024-33038 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2. Description: An issue was found in the selectfiles method in \backend\controller\sys\Attachh.php, where it directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site...
PT-2024-33039 · Unknown +1 · Curd One Click Command Mode Plugin +1
Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2 Description: The issue is related to a SQL injection vulnerability in the Curd one click command mode plugin. No information is provided about the estimated number of potentially affected devices worldwide or real-world...
CVE-2024-48228
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...