
302 matches found

Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-33034 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 5.0.2 Description: The issue is related to an arbitrary file read vulnerability. It affects the /curd/index/editfile endpoint. There is no information provided about the estimated number of potentially affected devices...

CVSS 8.7 · AI score 6.8 · EPSS 0.00184
Exploits: 1 · References: 7

Vulnrichment
added 2024/10/25 12:0 a.m. · 15 views

CVE-2024-48225

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile...

AI score 7 · EPSS 0.00132
Exploits: 1 · References: 1

Cvelist
added 2024/10/25 12:0 a.m. · 11 views

CVE-2024-48224

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...

EPSS 0.00184
Exploits: 1 · References: 1

CVE
added 2024/10/25 12:0 a.m. · 47 views

CVE-2024-48228

CVE-2024-48228 affects funadmin 5.0.2, where the selectfiles method in \backend\controller\sys\Attachh.php directly stores unfiltered parameters/values into the param parameter, causing Cross-Site Scripting (XSS). Multiple connected sources (Red Hat CVE page, GHSA advisory, Veracode, OSV, NVD) co...

CVSS 6.1 · AI score 6.3 · EPSS 0.00168
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/25 12:0 a.m. · 13 views

CVE-2024-48229

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin...

AI score 8 · EPSS 0.00133
Exploits: 0 · References: 1

CVE
added 2024/10/25 12:0 a.m. · 43 views

CVE-2024-48230

CVE-2024-48230 affects funadmin 5.0.2 in the index method of backend/controller/auth/Auth.php, where the parentField parameter enables SQL Injection. Multiple sources (NVD, Red Hat, Veracode, OSV, GHSA/GitHub advisories, CVE lists) confirm the vulnerability and its impact on data confidentiality,...

CVSS 9.8 · AI score 8.3 · EPSS 0.00175
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/25 12:0 a.m. · 12 views

CVE-2024-48226

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield...

AI score 8 · EPSS 0.00133
Exploits: 1 · References: 1

CVE
added 2024/10/25 12:0 a.m. · 44 views

CVE-2024-48225

Funadmin v5.0.2 contains an arbitrary file deletion vulnerability in the /curd/index/delfile endpoint. Multiple connected sources consistently describe this issue, noting that lack of proper access control allows unauthorized deletion of files. The vulnerability is categorized as a high-integrity...

CVSS 9.1 · AI score 7.3 · EPSS 0.00132
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/10/25 12:0 a.m. · 15 views

CVE-2024-48229

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin...

EPSS 0.00133
Exploits: 0 · References: 1

Cvelist
added 2024/10/25 12:0 a.m. · 11 views

CVE-2024-48226

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield...

EPSS 0.00133
Exploits: 1 · References: 1

CNNVD
added 2024/10/25 12:0 a.m. · 1 view

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in /curd/table/list...

CVSS 9.8 · AI score 7.8 · EPSS 0.00188
Exploits: 1 · References: 1

CVE
added 2024/10/25 12:0 a.m. · 43 views

CVE-2024-48222

Summary: CVE-2024-48222 affects Funadmin v5.0.2 with a SQL injection in the /curd/table/edit endpoint. The vulnerability stems from insufficient input validation, allowing untrusted data to be used directly in SQL queries. Connected sources corroborate a SQL injection risk and indicate potential ...

CVSS 9.8 · AI score 8.2 · EPSS 0.00188
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/10/25 12:0 a.m. · 2 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from a SQL injection vulnerability in /curd/table/edit...

CVSS 9.8 · AI score 7.7 · EPSS 0.00188
Exploits: 1 · References: 1

CVE
added 2024/10/25 12:0 a.m. · 53 views

CVE-2024-48227

CVE-2024-48227 concerns Funadmin 5.0.2, where a logical flaw in the Curd one-click command deletion function can cause a Denial of Service (DOS). The available documents identify the affected software and the faulty delete logic as the root cause, and they consistently describe impact as DoS. No ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00088
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 1 view

PT-2024-33033 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 5.0.2 Description: The issue is a SQL injection vulnerability located in the /curd/table/fieldlist API endpoint. This allows for potential exploitation by injecting malicious SQL code. No information is provided about the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00188
Exploits: 1 · References: 8

CVE
added 2024/10/25 12:0 a.m. · 43 views

CVE-2024-48224

Funadmin v5.0.2 has an arbitrary file read vulnerability in the /curd/index/editfile endpoint. The issue is documented across multiple sources (NVD entry CVE-2024-48224 and Red Hat, Veracode, OSV, Snyk, GHSA advisories, CNNVD, PT Security) and is consistently described as an arbitrary file read/l...

CVSS 7.5 · AI score 7.2 · EPSS 0.00184
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/10/25 12:0 a.m. · 12 views

CVE-2024-48227

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS)...

EPSS 0.00088
Exploits: 1 · References: 1

Cvelist
added 2024/10/25 12:0 a.m. · 12 views

CVE-2024-48222

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit...

EPSS 0.00188
Exploits: 1 · References: 1

CNNVD
added 2024/10/25 12:0 a.m. · 2 views

FunAdmin Security Vulnerability

FunAdmin is an open-source, lightweight, good-looking backend development system built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which stems from the selectfiles method in \backend\controller\sys\Attachh.php directly storing incoming paramete...

CVSS 6.1 · AI score 5.8 · EPSS 0.00168
Exploits: 1 · References: 1

Vulnrichment
added 2024/10/25 12:0 a.m. · 9 views

CVE-2024-48227

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS)...

AI score 6.9 · EPSS 0.00088
Exploits: 1 · References: 1